From: Alan T. DeKok <aland@freeradius.org>
Date: Fri, 2 Apr 2021 10:13:46 +0000 (-0400)
Subject: document suppress_secrets
X-Git-Tag: release_3_0_22~128
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efc9c8d1d5b66d4090fd90d89f74e11896aa4864;p=thirdparty%2Ffreeradius-server.git

document suppress_secrets
---

diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index e8aee3c001..55d556fa19 100644
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -377,6 +377,25 @@ log {
 	#  The message when the user exceeds the Simultaneous-Use limit.
 	#
 	msg_denied = "You are already logged in - access denied"
+
+	#  Suppress "secret" attributes when printing them in debug mode.
+	#
+	#  Secrets are NOT tracked across xlat expansions.  If your
+	#  configuration puts secrets into other strings, they will
+	#  still get printed.
+	#
+	#  Setting this to "yes" means that the server prints
+	#
+	#	<<< secret >>>
+	#
+	#  instead of the value, for attriburtes which contain secret
+	#  information.  e.g. User-Name, Tunnel-Password, etc.
+	#
+	#  This configuration is disabled by default.  It is extremely
+	#  important for administrators to be able to debug user logins
+	#  by seeing what is actually being sent.
+	#
+#	suppress_secrets = no
 }
 
 #  The program to execute to do concurrency checks.