Is there a best practice around credential storage?

Sven Hartge sven at svenhartge.de
Fri Dec 20 12:43:46 CET 2019


On 19.12.19 23:42, Coy Hile wrote:

> Is it really industry standard that people store users' passwords in
> cleartext? It seems to be a requirement, but it is something that gives
> me pause, as to do so contravenes what are otherwise best practices.

We (my employer) uses a different password for everything related to
network access, meaning mainling WiFi and VPN.

This password has do be different than the main account password, can
only be (re)set using the main account password and is stored in a
different attribute in LDAP, which freeradius then reads and puts into
the Cleartext-Password attribute.

Grüße,
Sven.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20191220/873aebfe/attachment.sig>


More information about the Freeradius-Users mailing list