CentOS OpenLDAP pwdReset Attribute

Michael Ströder michael at stroeder.com
Tue Oct 26 22:00:07 CEST 2021

On 10/26/21 21:28, Marek Zarychta wrote:
> but I still believe that
> MD4 hash is more GDPR conformant than Cleartext-Password ;)

Basically the NT-Password-Hash is used as a shared secret in a 
challenge-response protocol. The hashing is just used as a key 
derivation function.

=> So you have to protect it just like a clear-text password.

Ciao, Michael.

More information about the Freeradius-Users mailing list