...
Omitting User-Password in inner authentication logs
By default, the "detail" modules log every attribute as it was received. For inner authentications with TTLS-PAP, this means that the attribute "User-Password" with the user's perceived password will be logged. This is often considered harmful. You can deactivate it by blacklisting the attribute in the auth_log module in /etc/raddb/modules/auth_log:
| Code Block |
|---|
detail auth_detail {
...
suppress {
User-Password
}}
|
adding VLAN assignment attributes
...