FreeRADIUS without Universal Password
Jason C Brown
jasonbrown at ferris.edu
Thu Feb 5 17:44:37 CET 2009
I had to ask; I have people telling me that this is a limitation of
only FreeRADIUS and not all RADIUS servers in general. There is a
concern that the UP is being stored in clear text in Novell and we
need to turn off that service and only use simple password. Since I
am no Novell admin, I really do not have a clue if we can encrypt the
UP that is stored on the server or what other implications there are
in turning off UP.
Jason Brown - RHCT, Security+, Linux+, Network+
Enterprise Technology Services
Ferris State University
On Feb 5, 2009, at 1:48 AM, Alan DeKok wrote:
> Jason C Brown wrote:
>> Do you by chance know if every RADIUS server acts the same way? For
>> instance would Steel Belted RADIUS require the use of UP as well?
> Please read this explanation again:
>>> The Novell password is not stored as an attribute unless Universal
>>> password is enabled. It exists in eDirectory, can be created/modified by
>>> ldap as userpassword but cannot be returned in an ldap search.
> The password can't be seen by *any* RADIUS server until it's stored
> as a Universal password.
> This is a limitation of Novell's LDAP server, and applies to all LDAP
> clients, whether they are RADIUS servers, command-line clients, web
> servers, or anything else.
> Alan DeKok.