Please HELP!!! Any ideas??? MySQL and users file... Difference???

Alan DeKok aland at ox.org
Mon Feb 27 00:45:05 CET 2006


"Alex Savguira" <savguira at gmail.com> wrote:
> OK, I understood your point, but would you be so kind to explain WHY
> do you think it is such a bad idea

  As I said before: it gains you nothing but additional complexity.
It's completely unnecessary.

> none of the network technitians on-site can abuse user's passwords
> since they are encrypted and supposedly beyound their cracking
> abilities, and both PAP and MS-CHAP should work... OK, again, it
> doesn't work NOW, but why shouldn't it? What's so evil about this
> configuration?

  Nothing is evil.  It just makes your life more difficult, and gains
you *nothing*.

>  Btw, in freeradius FAQ you, guys, claim, that PAP
> is better than CHAP because it allows storing passwords in encrypted
> form. I kinda agree with that... Why do you now claim that storing in
> clear text is better?

  If your requirement is to do MS-CHAP, you need either the clear-text
passwords, or the NT hash.

> Ok, it is less headache for me, but what about privacy rights of my users?

  That's up to you and your local legal situation.  FreeRADIUS has to
work in countries other than where you live, where laws are different.

  Alan DeKok.




More information about the Freeradius-Users mailing list