Keeping plain-text shared secret and user passwords in SQL

asdf zxcv jazdatestowa at gmail.com
Wed Nov 16 13:22:18 CET 2011


Thanks Alan, Sven.

The SQL server is on the same virtual machine as FreeRADIUS. I'm also
creating a web application to manage users, certificates, server settings
etc. It will be hosted on the same machine.

I just thought that keeping ANY passwords ANYWHERE in plaintext form is not
a good idea. But then again, if someone gains access to my server, then in
fact he could do anything and the password would not matter.

> 2 - Can I hash user passwords if I'm using EAP-TLS?
> > 2a - If I'm using certificates for authentication, do I actually need to
> > keep user passwords? Because it seems that they aren't used during
> > authentication (or I didn't find that part during debugging).
>
> If 2a, then no, as the certificate is the only needed credential of a
> user/system, no username/password involved.
>
>
That's good and bad.
- Good, because it simplifies the initial implementation a bit.
- Bad, because I was counting on being able to do something like double
authentication: user/password after cert verification.

But in that case, is there any way to 'disable' a user's key in case I don't
want him to access my network?
What if I need to generate a new user certificate as a replacement for the old
one that has been lost/stolen etc.?

I can give an 'Expiration' attribute to the account, but that doesn't solve
the case, as I want to give the same user a new key.

Any ideas?
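The "disable a user's key / replace a lost certificate" problem raised in the message above is what certificate revocation is for: with EAP-TLS the account row in SQL is not what admits the user, the certificate is, so the CA has to revoke the old certificate, publish a CRL, and then issue a new one to the same subject. The script below is an added, self-contained example (not from this thread or from the FreeRADIUS project) that builds a throwaway CA with the plain openssl CLI, issues a client certificate for a user, revokes it with reason keyCompromise, regenerates the CRL, shows that verification against that CRL now rejects the old certificate, and then issues a replacement for the same user. The CA layout, the user name alice and the file names are assumptions for the demo; openssl 1.1.1 or newer is assumed for -addext.

```shell
#!/bin/sh
# Constructed demo (not FreeRADIUS code): a tiny private CA for EAP-TLS
# client certificates, with revocation and re-issue. Needs only openssl.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory; override with WORK=/path
CFG="$WORK/ca.cnf"

# Create the CA database, a minimal openssl.cnf for 'openssl ca', the
# self-signed CA certificate, and an initial (empty) CRL.
setup_ca() {
    mkdir -p "$WORK/newcerts"
    : > "$WORK/index.txt"          # CA database: one line per issued cert
    echo 01 > "$WORK/serial"
    echo 01 > "$WORK/crlnumber"
    cat > "$CFG" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = $WORK/index.txt
new_certs_dir    = $WORK/newcerts
certificate      = $WORK/ca.crt
private_key      = $WORK/ca.key
serial           = $WORK/serial
crlnumber        = $WORK/crlnumber
default_md       = sha256
default_days     = 365
default_crl_days = 30
policy           = policy_cn
unique_subject   = yes
x509_extensions  = client_ext
[ policy_cn ]
commonName = supplied
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
[ req ]
distinguished_name = req_dn
[ req_dn ]
EOF
    # Self-signed CA key and certificate (unencrypted key: demo only).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$CFG" -subj "/CN=Demo EAP-TLS CA" \
        -addext "basicConstraints=critical,CA:TRUE" \
        -addext "keyUsage=critical,keyCertSign,cRLSign" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    # Publish a CRL immediately so every verification can be CRL-checked.
    openssl ca -config "$CFG" -gencrl -out "$WORK/crl.pem" 2>/dev/null
}

# issue_client USER TAG -> $WORK/USER-TAG.crt. The key is generated here for
# simplicity; in real use the supplicant keeps its key and sends only a CSR.
issue_client() {
    user=$1; tag=$2
    openssl req -new -newkey rsa:2048 -nodes -config "$CFG" \
        -subj "/CN=$user" -keyout "$WORK/$user-$tag.key" \
        -out "$WORK/$user-$tag.csr" 2>/dev/null
    openssl ca -config "$CFG" -batch -notext \
        -in "$WORK/$user-$tag.csr" -out "$WORK/$user-$tag.crt" 2>/dev/null
}

# Revoke one certificate (lost/stolen key) and regenerate the CRL.
revoke_client() {
    openssl ca -config "$CFG" -revoke "$WORK/$1-$2.crt" \
        -crl_reason keyCompromise 2>/dev/null
    openssl ca -config "$CFG" -gencrl -out "$WORK/crl.pem" 2>/dev/null
}

# The same decision a CRL-checking TLS server makes: chain to the CA and
# reject anything listed in the current CRL. Exit status 0 means accepted.
verify_client() {
    openssl verify -CAfile "$WORK/ca.crt" -crl_check \
        -CRLfile "$WORK/crl.pem" "$WORK/$1-$2.crt" >/dev/null 2>&1
}

main() {
    setup_ca
    issue_client alice old
    verify_client alice old && echo "alice-old: accepted"
    revoke_client alice old                  # alice lost her laptop
    verify_client alice old || echo "alice-old: rejected (revoked)"
    issue_client alice new                   # replacement for the same user
    verify_client alice new && echo "alice-new: accepted"
}
main
```

Two points worth noting for the FreeRADIUS side: the server only honours the CRL if it is told to (the tls section of eap.conf has check_crl and ca_path settings, and the CRL must be placed in ca_path in the hashed layout OpenSSL expects), and unique_subject = yes makes the CA refuse to issue a second valid certificate for the same CN until the first is revoked, which is the ordering you want when replacing a lost key.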

