20 Dec
2019
20 Dec
'19
6:43 a.m.
On 19.12.19 23:42, Coy Hile wrote:
Is it really industry standard that people store users' passwords in cleartext? It seems to be a requirement, but it is something that gives me pause, as to do so contravenes what are otherwise best practices.
We (my employer) uses a different password for everything related to network access, meaning mainling WiFi and VPN. This password has do be different than the main account password, can only be (re)set using the main account password and is stored in a different attribute in LDAP, which freeradius then reads and puts into the Cleartext-Password attribute. Grüße, Sven.