Adding additional password encryption options

Rasto Rickardt phobie at
Thu May 26 10:04:04 CEST 2016

We are 2 databases kind of, ldap for authentication, postgres for

Ldap is Redhat IDM/FreeIPA. Credentials are encrypted and replicated
over multiple instances. FR makes ldap bind with given credentials, and
it is succesfull or not.

In previous use-cases i used pure sql backend, but it always ended up as
clear-text passwords for users, or implementation troubles.

On 05/25/2016 06:39 PM, Laurens Vets wrote:
> Hello list,
> Is it possible to add additional password encryption options to
> FreeRADIUS so that the user database can be used as a user/password
> store (For instance PBKDF2 or scrypt)?
> When I look at "man rlm_pap", the amount of encryption options for
> passwords are limited when FreeRADIUS is your only user database. I'm
> creating a POC where users can register for an account to use certain
> services (accessible via radius authentication) and I'm trying to only
> use the FreeRADIUS mysql database as a backend to keep it simple, but
> the password encryption methods aren't considered secure by today's
> standards.
> Short of maintaining 2 databases with user information, how are people
> on the list handling these cases or is my use case a bit out of the
> ordinary?
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list