Security of sql md5 vs unix auth
Alan DeKok
aland at deployingradius.com
Sat Nov 3 00:41:31 CET 2007
Ben Wiechman wrote:
> Background: we use freeradius to provide AAA for our wireless hotspots.
> We would also like to use radius authentication for our layer 3
> switches. This brings up the question of security.
It brings up a question of limited choices.
> Which is going to be more secure, md5 hashed passwords in MySQL, or
> storing the passwords for the switch accounts in the /etc/shadow file
It's effectively the same from a security point of view.
> (I had to set the file to world readable to allow the radiusd process to
> read the file…).
PLEASE don't do that! The comments in radiusd.conf describe how to
*properly* let the server read /etc/shadow.
> Or is there another, better alternative that I just
> don’t know about?
If you're doing PEAP for WiFi, you *can't* use MD5 or /etc/shadow
passwords.
Alan DeKok.
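
A permissions check for the world-readable /etc/shadow problem raised in this thread, as an added example that is not part of the original message or of FreeRADIUS. It assumes GNU coreutils `stat`, and it assumes the intended layout is read access through the group the daemon runs as; the helper name `audit_shadow_perms` and the group name in the usage comment are hypothetical.

```shell
# Added example (constructed): audit who can read a shadow-style password file.
# Assumption: the daemon should reach the file through group read access only.
#
# audit_shadow_perms FILE GROUP   (hypothetical helper)
# Prints one verdict and returns 0 only for the least-privilege layout:
#   world-accessible  any permission bit is set for "other"
#   wrong-group       FILE is not group-owned by GROUP
#   group-no-read     GROUP owns FILE but has no read bit
#   group-writable    GROUP could modify the password file
#   ok                GROUP can read, nobody else outside the owner can
audit_shadow_perms() {
    file=$1
    want_group=$2
    if [ ! -e "$file" ]; then
        echo "missing"; return 2
    fi
    mode=$(stat -c '%a' "$file") || return 2    # octal digits, e.g. 640
    group=$(stat -c '%G' "$file") || return 2   # group owner name
    other=$(( mode % 10 ))                      # last digit: everyone else
    grp=$(( (mode / 10) % 10 ))                 # middle digit: group
    if [ "$other" -ne 0 ]; then
        echo "world-accessible"; return 1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "wrong-group"; return 1
    fi
    if [ $(( grp & 4 )) -eq 0 ]; then
        echo "group-no-read"; return 1
    fi
    if [ $(( grp & 2 )) -ne 0 ]; then
        echo "group-writable"; return 1
    fi
    echo "ok"
}

# Usage (group name is an assumption; use the group radiusd runs as):
#   audit_shadow_perms /etc/shadow shadow
```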