Keeping plain-text shared secret and user passwords in sql

asdf zxcv jazdatestowa at gmail.com
Tue Nov 15 22:04:38 CET 2011


I'm attempting to use freeradius to authenticate a wireless network in my
organisation, using self-signed certificates.
I have installed freeradius 2.1.10 from the Debian 6 repository, set up a basic
configuration according to the instructions on the freeradius.org site, and finally
I've configured freeradius to use MySQL.

It seems to work properly, but I wonder if it is safe to keep user password
and client secret in plaintext? I searched the lists and googled a bit, but
I can't find any information regarding this case.

So:
1 - is there a way (or sense) to hash shared secret in my database?
2 - Can I hash user passwords if I'm using eap-tls?
2a - if I'm using certificates for authentication, do I actually need to
keep user passwords? Cause it seems that they aren't used during
authentication (or I didn't find that part during debugging)

Regards
Peter