Freeradius sql module usage
Alan DeKok
aland at deployingradius.com
Tue Jul 23 16:41:37 UTC 2024
On Jul 23, 2024, at 8:21 AM, Alan Smith via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> A project I am working on does not allow storage of plain text passwords in the config file. That is why.
That's not what I was getting at.
Project requirements may be, or may not be realistic. In this case, the requirement "not store plain text passwords in the config" is not a realistic requirement.
Again, think about this for a second. Where is the actual password stored? How does FreeRADIUS get access to the password? How is the password secured / authenticated?
Any amount of thinking shows that this requirement is nonsense, and is security theatre. It offers *zero* additional security. It makes the system more fragile.
Perhaps you could explain in concrete terms, how is the system made more secure by not storing passwords in the config? How is any other method of getting the password more secure?
Use examples.
"I have a checklist" is not a convincing argument.
Alan DeKok.
More information about the Freeradius-Users
mailing list