Allow same user to authenticate with different passwords

Rens Houben rhouben at
Tue Dec 10 09:28:53 CET 2019

Van: Freeradius-Users < at> namens WAGHORN, Jason (NHS BORDERS) via Freeradius-Users <freeradius-users at>
Verzonden: dinsdag 10 december 2019 08:43
Aan: FreeRadius users mailing list
Onderwerp: RE: Allow same user to authenticate with different passwords

>> We are trying to allow users to authenticate with different passwords using an SQL database and freeradius version 3.0.17 (hotel scenario, where unrelated people can have the same family name).

>Perhaps I'm being strange here - but a single username with multiple passwords sounds like a security hole to me - in that if johnsmith is logging in twice because there are two "John Smith" users - how do you tell them apart in case of (for example) law enforcement request?

>Surely it's easier/better/simpler just to give everyone a unique login name? Perhaps in your hotel case use room number plus surname? So 317smith & 226smith

>From an infosec point of view this is a *terrible* idea, because it would allow a stalker or PI who knows the name of your guest to potentially figure out what room their target is in by process of elimination.

Use random names and passwords instead.


More information about the Freeradius-Users mailing list