Allow same user to authenticate with different passwords
rhouben at systemec.nl
Tue Dec 10 09:28:53 CET 2019
From: Freeradius-Users <freeradius-users-bounces+rhouben=systemec.nl at lists.freeradius.org> on behalf of WAGHORN, Jason (NHS BORDERS) via Freeradius-Users <freeradius-users at lists.freeradius.org>
Sent: Tuesday 10 December 2019 08:43
To: FreeRadius users mailing list
CC: WAGHORN, Jason (NHS BORDERS)
Subject: RE: Allow same user to authenticate with different passwords
>> We are trying to allow users to authenticate with different passwords using an SQL database and freeradius version 3.0.17 (hotel scenario, where unrelated people can have the same family name).
>Perhaps I'm being strange here - but a single username with multiple passwords sounds like a security hole to me - in that if johnsmith is logging in twice because there are two "John Smith" users - how do you tell them apart in case of (for example) law enforcement request?
>Surely it's easier/better/simpler just to give everyone a unique login name? Perhaps in your hotel case use room number plus surname? So 317smith & 226smith
From an infosec point of view this is a *terrible* idea, because it would allow a stalker or PI who knows the name of your guest to potentially figure out what room their target is in by process of elimination.
Use random names and passwords instead.
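
An added example, not part of the original post and not FreeRADIUS project code: one way to issue a unique random login per guest that encodes neither surname nor room number, shaped as rows for the default FreeRADIUS SQL `radcheck` table. The `g-` prefix, the token lengths, the reduced alphabet and the `%s` placeholder style are assumptions made for illustration.

```python
import secrets

# Alphabet without look-alike characters (0/O, 1/l/I) so guests can type it.
# Assumption: 31 symbols; 8 chars gives ~39 bits, 12 chars gives ~59 bits.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def random_token(length):
    """Return a token drawn uniformly from ALPHABET using the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def issue_credentials(existing_usernames, user_len=8, pass_len=12):
    """Create one guest login that reveals neither name nor room.

    existing_usernames is the set of names already in use; the new name is
    added to it, so repeated calls never hand out a duplicate and every
    session can still be traced back to exactly one guest record.
    """
    while True:
        username = "g-" + random_token(user_len)  # hypothetical prefix
        if username not in existing_usernames:
            break
    existing_usernames.add(username)
    return username, random_token(pass_len)


def radcheck_row(username, password):
    """Parameters for one row of the default radcheck table."""
    return (username, "Cleartext-Password", ":=", password)


# Parameterized statement; placeholder style depends on the DB driver
# (assumption: %s, as used by common MySQL/PostgreSQL Python drivers).
INSERT_SQL = (
    "INSERT INTO radcheck (username, attribute, op, value) "
    "VALUES (%s, %s, %s, %s)"
)

if __name__ == "__main__":
    in_use = set()  # constructed sample; load from radcheck in practice
    for _ in range(3):
        user, pw = issue_credentials(in_use)
        print(INSERT_SQL, radcheck_row(user, pw))
```

The mapping from each generated username to the guest and room stays in the hotel's own booking records, outside the RADIUS database.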