Authentication protocols that DO support hashed passwords
Alan DeKok
aland at deployingradius.com
Mon Nov 10 20:05:49 CET 2014
E.S. Rosenberg wrote:
> Which in turn links to a nice page by Alan DeKok here:
> http://deployingradius.com/documents/protocols/compatibility.html
>
> Which left me asking myself 2 questions:
> 1. Did anything change in the past 5 years, is there any decently
> supported protocol that does support hashed passwords (other then
> PAP)?
MD5 etc. hasn't changed in the last 5 years. So the table (and
conclusions) haven't changed either.
> 2. How can it be that all these protocols were designed with the idea
> that the auth server should have a cleartext copy of the users'
> password, haven't we all known for years now that that's a bad idea?
Because different people have different needs. And most people don't
think about RADIUS until it's too late to change their password storage
method.
Alan DeKok.
More information about the Freeradius-Users
mailing list