Adding additional password encryption options

Arran Cudbard-Bell a.cudbardb at
Wed May 25 20:12:53 CEST 2016

> On May 25, 2016, at 12:39 PM, Laurens Vets <laurens at> wrote:
> Hello list,
> Is it possible to add additional password encryption options to FreeRADIUS so that the user database can be used as a user/password store (For instance PBKDF2 or scrypt)?

Yeah, some guy submitted code to do that, but it was awful.

> When I look at "man rlm_pap", the amount of encryption options for passwords are limited when FreeRADIUS is your only user database. I'm creating a POC where users can register for an account to use certain services (accessible via radius authentication) and I'm trying to only use the FreeRADIUS mysql database as a backend to keep it simple, but the password encryption methods aren't considered secure by today's standards.

What, salted SHA512 isn't considered secure by todays standards?

If you don't mind providing some test output PBKDF2 i'll see if I can fix the code I have to not be terrible...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list