Feature #8835
FreeRADIUS Package - Don't store passwords as cleartext in users file (closed)
Status: Rejected
Priority: Normal
Assignee: -
Category: FreeRADIUS
Target version: -
Start date: 08/26/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Description
If a user is created in the FreeRADIUS GUI, the password is stored as cleartext in "/usr/local/etc/raddb/users".
That is not a secure way to handle passwords. There should be a solution so that passwords are stored encrypted.
Example:
"user1" Cleartext-Password := "highsecure-password1234"
	Tunnel-Type = VLAN,
	Tunnel-Medium-Type = IEEE-802,
	Tunnel-Private-Group-ID = "42"
Updated by Jim Pingle over 6 years ago
- Status changed from New to Rejected
Even if they were encrypted before being put in there, they are still in plain text in config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.
Keeping them plaintext in config.xml but encrypting/hashing them in the users file would be pointless. Additionally, some features like EAP-MD5 require FreeRADIUS to know the plaintext password.
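An added illustration of the MD5-Password suggestion in the comment above (not code from the pfSense FreeRADIUS package or from either poster): it computes the hash to enter in place of the password, shows what the example users entry looks like with the hash, and lists any entries that still carry a Cleartext-Password. The function names and the regular expression are hypothetical, the sample is constructed from the entry quoted in the description, and passwords are assumed to contain no escaped quotes; as the comment notes, methods such as EAP-MD5 still need the plaintext.

```python
import hashlib
import hmac
import re

# Constructed sample in the layout of the users entry quoted in the issue.
SAMPLE = (
    '"user1" Cleartext-Password := "highsecure-password1234"\n'
    '\tTunnel-Type = VLAN,\n'
    '\tTunnel-Medium-Type = IEEE-802,\n'
    '\tTunnel-Private-Group-ID = "42"\n'
)

# Check-item line: user name, then Cleartext-Password := "value".
# Assumption: the password contains no escaped double quotes.
CHECK = re.compile(
    r'^(?P<user>"[^"]+"|\S+)[ \t]+Cleartext-Password[ \t]*:=[ \t]*"(?P<pw>[^"]*)"',
    re.M,
)

def md5_hex(password: str) -> str:
    """Hex MD5 digest of the password, the value to enter as MD5-Password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def cleartext_users(text: str) -> list:
    """Names of users whose entry still holds a Cleartext-Password."""
    return [m["user"].strip('"') for m in CHECK.finditer(text)]

def to_md5_entries(text: str) -> str:
    """Show each entry with MD5-Password instead; reply items are untouched."""
    def repl(m):
        return f'{m["user"]} MD5-Password := "{md5_hex(m["pw"])}"'
    return CHECK.sub(repl, text)

def hash_matches(stored_hex: str, candidate: str) -> bool:
    """Compare a submitted password against a stored hex digest."""
    return hmac.compare_digest(stored_hex.lower(), md5_hex(candidate))

if __name__ == "__main__":
    print("still cleartext:", cleartext_users(SAMPLE))
    print(to_md5_entries(SAMPLE))
```

Because the package keeps the user data in config.xml, the hash has to be entered there through the GUI as the comment describes; the output of `to_md5_entries` only shows the resulting users entry.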