Is there a best practice around credential storage?
sven at svenhartge.de
Fri Dec 20 14:39:25 CET 2019
On 20.12.19 13:53, Alan DeKok wrote:
> Using multiple passwords doesn't really help. If the DB is compromised, then *all* passwords are compromised.
Unless you store the password for freeradius in a different
database/LDAP server/$whatever from the main password.
This is what I do. The LDAP servers for the network password are
separate from the main authentication servers and the RADIUS servers can
only interact with their special LDAP servers.
Should the RADIUS servers somehow get compromised, the attacker can only
read the lower-value network password from there and not everything else.
More information about the Freeradius-Users