Actions
Feature #8835
closed
FreeRADIUS Package - Don't store passwords as cleartext in users file
Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
08/26/2018
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Description
If a user is created in the FreeRadius GUI the password is stored as cleartext in "/usr/local/etc/raddb/users".
That is not a secure way to handle with passwords. There should be a solution that passwords are stored encrypted.
Example:
"user1" Cleartext-Password := "highsecure-password1234"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = "42"
Updated by Jim Pingle about 6 years ago
- Status changed from New to Rejected
Even if they were encrypted before being put in there, they are still in plain text in config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.
Keeping them plaintext in config.xml but encrypting/hashing them in the users file would be pointless. Additionally, some features like EAP-MD5 require FreeRADIUS to know the plaintext password.
Actions