Is there a best practice around credential storage?

Alan DeKok aland at
Fri Dec 20 13:41:16 CET 2019

On Dec 20, 2019, at 6:43 AM, Sven Hartge <sven at> wrote:
> On 19.12.19 23:42, Coy Hile wrote:
>> Is it really industry standard that people store users' passwords in
>> cleartext? It seems to be a requirement, but it is something that gives
>> me pause, as to do so contravenes what are otherwise best practices.
> We (my employer) uses a different password for everything related to
> network access, meaning mainling WiFi and VPN.

  That works, but it pushes the complexity of password management onto the users.  And users are dumb.

  i.e. *I* don't want to punish myself by having different passwords for different services.  I can't remember them, it's a PITA to manage, and I have better things to do with my time.

  Since it's not worth my time, then I believe that other people shouldn't do it, either.

  For me, I just use client certificates everywhere.  It's supported for EAP, and for all reasonable VPNs.

  Alan DeKok.

More information about the Freeradius-Users mailing list