Freeradius doesn't detect EAP when authenticating against MySQL
primski at gmail.com
Tue Oct 23 10:08:22 CEST 2007
On 10/23/07, Alan DeKok <aland at deployingradius.com> wrote:
> preem wrote:
> > So, what is a common practice to do this then?
> It's not.
> People store MD5 or crypt'd passwords when the ONLY authentication
> they're doing is PAP. i.e. Unix logins, where the user supplies a
> clear-text password to the authentication system.
And PAP is not very safe and smart way to go as i read it.
For many EAP types, people do NOT store MD5 or crypt'd passwords,
> because they're useless.
So, crypted passwords are usefull only in web applications? I read a lot
lately about, how one should never store passwords in clear text, i guess
that applies only to web apps.
> I understand its not very
> > safe nor sane to store passwords in clear text, thats why I wanted to
> > that, however it seems inevitable.
> It is safe, sane, and common practice to store passwords in clear text.
I do not have many experience with this, in fact its my first project on the
> I am managing a wired network for some 300 users, its a student dorm and
> > university owns the network and they require authentication for the ease
> > management and control. 802.1x felt like the right way to go, because we
> > planning some wireless access points as well. There are HP's Procurve
> > switches in use. I choose mysql db backend, because I also created set
> > PHP scripts, where users can change their passwords and admin can
> > add/del/modify user info.
> > So what can one do to avoid storing passes in clear text or is it sane
> > enough? The server also serves some web pages and dhcp requests.
> Ensure that no one has physical access to the system storing the
> passwords. Ensure that no one has network access to the system storing
> the passwords.
That will be no problem, since I'm the only one with physical access.
I would also suggest running the RADIUS server and/or the MySQL server
> with passwords on a separate machine from the web/dhcp server. That
> way, if someone breaks into the web server, they won't have access to
> the passwords.
I am using VMWare server, so that won't require much work.
> List info/subscribe/unsubscribe? See
Thanks again, for clearing this up.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users