Hi to all, I have successfully installed secure2 with 3Com WX1200 switch and AP 3Com 2750, with authentication PEAP-EAP/MSCHAPv2. Authentication radius ask to mysql tables the credentials stored in plain text. Now, my problem is: I don't like plain text password in my MySQL Table. So I ask you. Which is the possible scenario to have crypted password stored in MySQL. Thank you Alessandro Agostini
Hi!
I have successfully installed secure2 with 3Com WX1200 switch and AP 3Com 2750, with authentication PEAP-EAP/MSCHAPv2. Authentication radius ask to mysql tables the credentials stored in plain text. Now, my problem is: I don't like plain text password in my MySQL Table. So I ask you. Which is the possible scenario to have crypted password stored in MySQL.
Since SecureW2 can use TTLS, you have a variety of options for encrypting passwords in your MySQL table. You may want to use unix crypt, MD5 hash passwords etc. The only difference is that the statement in SQL is not User-Password := whatever but Crypt-Password := someweirdstring (according to the crypto scheme you chose) Keep in mind though that when using one-way crypted passwords it is not possible any more to switch back to PEAP - since PEAP transports CHAP encrypted challenges, the SQL backend needs to have clear text passwords. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Stefan Winter ha scritto:
Hi! ...
Since SecureW2 can use TTLS, you have a variety of options for encrypting passwords in your MySQL table. You may want to use unix crypt, MD5 hash passwords etc. The only difference is that the statement in SQL is not
User-Password := whatever but Crypt-Password := someweirdstring (according to the crypto scheme you chose)
Ok. Now I have two demo one with clear text passwd and one with crypted password. However I can't authenticate it. What I need to change in radius.conf or eap.conf ? I have modified "radius.conf": pap { encryption_scheme = md5 (was crypt) } in eap.conf default_eap_type = md5 (was) default_eap_type = peap I have crypted password with MD5. Thanks Alessandro
Hi,
Ok. Now I have two demo one with clear text passwd and one with crypted password. However I can't authenticate it. What I need to change in radius.conf or eap.conf ? I have modified "radius.conf": pap { encryption_scheme = md5 (was crypt) }
Okay.
in eap.conf default_eap_type = md5
(was) default_eap_type = peap
Not okay. Crypto Scheme MD5 and EAP-Type MD5 have nothing to do with each other. Use default_eap_type = ttls and configure SecureW2 to do EAP-TTLS. Then try again, that might solve the issue already. Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
participants (2)
-
Alessandro Agostini -
Stefan Winter