On May 25, 2016, at 12:39 PM, Laurens Vets <laurens@daemon.be> wrote:
Hello list,
Is it possible to add additional password encryption options to FreeRADIUS so that the user database can be used as a user/password store (For instance PBKDF2 or scrypt)?
Yeah, some guy submitted code to do that, but it was awful.
When I look at "man rlm_pap", the amount of encryption options for passwords are limited when FreeRADIUS is your only user database. I'm creating a POC where users can register for an account to use certain services (accessible via radius authentication) and I'm trying to only use the FreeRADIUS mysql database as a backend to keep it simple, but the password encryption methods aren't considered secure by today's standards.
What, salted SHA512 isn't considered secure by todays standards? If you don't mind providing some test output PBKDF2 i'll see if I can fix the code I have to not be terrible... -Arran