We are 2 databases kind of, ldap for authentication, postgres for accounting. Ldap is Redhat IDM/FreeIPA. Credentials are encrypted and replicated over multiple instances. FR makes ldap bind with given credentials, and it is succesfull or not. In previous use-cases i used pure sql backend, but it always ended up as clear-text passwords for users, or implementation troubles. r. On 05/25/2016 06:39 PM, Laurens Vets wrote:
Hello list,
Is it possible to add additional password encryption options to FreeRADIUS so that the user database can be used as a user/password store (For instance PBKDF2 or scrypt)?
When I look at "man rlm_pap", the amount of encryption options for passwords are limited when FreeRADIUS is your only user database. I'm creating a POC where users can register for an account to use certain services (accessible via radius authentication) and I'm trying to only use the FreeRADIUS mysql database as a backend to keep it simple, but the password encryption methods aren't considered secure by today's standards.
Short of maintaining 2 databases with user information, how are people on the list handling these cases or is my use case a bit out of the ordinary? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html