Feature #8835

closed

FreeRADIUS Package - Don't store passwords as cleartext in users file

Added by vistalba none over 6 years ago. Updated over 6 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: FreeRADIUS
Target version: -
Start date: 08/26/2018
Due date:
% Done: 0%
Estimated time:
Plus Target Version:

Description

If a user is created in the FreeRADIUS GUI, the password is stored as cleartext in "/usr/local/etc/raddb/users".

That is not a secure way to handle passwords. There should be a solution so that passwords are stored encrypted.

Example:

"user1" Cleartext-Password := "highsecure-password1234"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = "42"

#1

Updated by Jim Pingle over 6 years ago

  • Status changed from New to Rejected

Even if they were encrypted before being put in there, they are still in plain text in config.xml. If you don't like that, set the user password to MD5-Password and put the hash in and not the actual password in FreeRADIUS.

Keeping them plaintext in config.xml but encrypting/hashing them in the users file would be pointless. Additionally, some features like EAP-MD5 require FreeRADIUS to know the plaintext password.
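
The MD5-Password substitution suggested in the comment above, as an added example that is not part of the original issue or of the pfSense package: it scans users-file text, reports which entries carry Cleartext-Password, and rewrites them with the hex MD5 digest. The function names are this example's own, the sample entry is the one from the issue, and the parser assumes one check-item line per user with only `\"` and `\\` escapes in the password.

```python
import hashlib
import re

# Check-item line of a users-file entry that carries a cleartext password,
# e.g.  "user1" Cleartext-Password := "secret"   (comment lines are skipped)
CLEARTEXT_RE = re.compile(
    r'^(?!#)(?P<user>"[^"]+"|\S+)(?P<gap>\s+)Cleartext-Password\s*:=\s*'
    r'"(?P<pw>(?:[^"\\]|\\.)*)"(?P<rest>.*)$'
)


def md5_password(password: str) -> str:
    """Hex MD5 digest of the password, the value an MD5-Password item holds."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def convert_users(text: str):
    """Return (converted_text, usernames_that_had_a_cleartext_password)."""
    out, found = [], []
    for line in text.splitlines():
        m = CLEARTEXT_RE.match(line)
        if m is None:
            out.append(line)  # reply items, comments, other entries: unchanged
            continue
        # Assumption: only \" and \\ escapes occur inside the quoted password.
        pw = re.sub(r"\\(.)", r"\1", m.group("pw"))
        found.append(m.group("user").strip('"'))
        out.append(
            f'{m.group("user")}{m.group("gap")}'
            f'MD5-Password := "{md5_password(pw)}"{m.group("rest")}'
        )
    return "\n".join(out) + "\n", found


# Sample input: the entry quoted in the issue description.
SAMPLE = '''"user1" Cleartext-Password := "highsecure-password1234"
        Tunnel-Type = VLAN,
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Private-Group-ID = "42"
'''

if __name__ == "__main__":
    converted, users = convert_users(SAMPLE)
    print(converted, end="")
    print("# entries that held a cleartext password:", ", ".join(users))
```

A hashed entry only works for methods that deliver the password to the server, such as PAP; as the comment notes, EAP-MD5 needs the plaintext.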
