Radius + PostgreSQL + MD5 Passwords

Alan DeKok aland at deployingradius.com
Fri Feb 5 08:34:10 CET 2010

Phillip Smith wrote:
> My problem:
> I'm strongly against storing passwords in clear text so I want the
> passwords in PostgreSQL to be MD5 or SHA1 hashed.

  Probably salted.

 > Everything I've read through Google seems to be indicating that for
> any form of encryption to work between the client and server, that the
> database has to use clear text passwords.



> I have successfully got the FreeRADIUS + PostgreSQL combination
> working with clear text, but I can not make the move to hashed
> passwords.
> 1) It what I am trying to do possible?


> 2) If so, is it possible without any significant drawbacks?

  It limits your ability to use different authentication protocols.

> 3) Any pointers in the right direction to how to achieve what I am after?

  See "man rlm_pap".  You can use the "auto-header" thing, or just use
MD5-Password directly:

# "users" file entry:
bob	MD5-Password := 0x12345...

  Alan DeKok.

More information about the Freeradius-Users mailing list