Hiding "secret" used in for PAM authentication

John Dennis jdennis at redhat.com
Sat Nov 19 16:35:58 CET 2011

On 11/18/2011 07:33 PM, Gregory Machin wrote:
> Hi.
> We are using using PAM to authenticate users against Freeradius, an
> that is working well. The problem is that the users are 3rd party
> developers and some need root access. The issue we have is that the
> radius secret is stored in clear text file. How can this be hidden so
> that is can be misused  ?
> Is there a document on hardening Freeradius ?

Giving 3rd party users root access to servers with sensitive information 
is dumb. Nothing is protected once you have root. You need to seriously 
reconsider why anybody except a trusted small group of admins need root.

I can't seriously believe you're asking a question about hardening after 
declaring you intend to give root away. The very first rule of hardening 
is to restrict root access, all hardening efforts are a complete waste 
of time once root is compromised.

John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?

More information about the Freeradius-Users mailing list