Adding additional password encryption options
Rasto Rickardt
phobie at axfr.org
Thu May 26 10:04:04 CEST 2016
We are 2 databases kind of, ldap for authentication, postgres for
accounting.
Ldap is Redhat IDM/FreeIPA. Credentials are encrypted and replicated
over multiple instances. FR makes ldap bind with given credentials, and
it is succesfull or not.
In previous use-cases i used pure sql backend, but it always ended up as
clear-text passwords for users, or implementation troubles.
r.
On 05/25/2016 06:39 PM, Laurens Vets wrote:
> Hello list,
>
> Is it possible to add additional password encryption options to
> FreeRADIUS so that the user database can be used as a user/password
> store (For instance PBKDF2 or scrypt)?
>
> When I look at "man rlm_pap", the amount of encryption options for
> passwords are limited when FreeRADIUS is your only user database. I'm
> creating a POC where users can register for an account to use certain
> services (accessible via radius authentication) and I'm trying to only
> use the FreeRADIUS mysql database as a backend to keep it simple, but
> the password encryption methods aren't considered secure by today's
> standards.
>
> Short of maintaining 2 databases with user information, how are people
> on the list handling these cases or is my use case a bit out of the
> ordinary?
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list