Freeradius doesn't detect EAP when authenticating against MySQL

Alan DeKok aland at
Tue Oct 23 10:32:48 CEST 2007

primoz wrote:
> And PAP is not very safe and smart way to go as i read it.

  PAP is fine for RADIUS.

> So, crypted passwords are usefull only in web applications?

  That's not at all what I said.  I specifically mentioned Unix logins.
 Crypt'd passwords are useful only for PAP.  There are many, many, kinds
of systems using clear-text passwords (i.e. PAP) for authentication.

> I read a lot
> lately about, how one should never store passwords in clear text, i
> guess that applies only to web apps.

  No.  It's written by people who either don't understand security, OR
aren't using EAP methods.  Again, if all you're doing is PAP, then
crypt'd passwords are OK.  If you need EAP, you also need clear-text

  Stop trying to apply comments from web application "how-to's" to
RADIUS.  They're not the same, and the security analysis is not the same.

>       It is safe, sane, and common practice to store passwords in clear
>     text.
> I do not have many experience with this, in fact its my first project on
> the matter.

  Then why are you questioning the answers you get here?

  Alan DeKok.

More information about the Freeradius-Users mailing list