FreeRadius password storing

Started by klaas, April 30, 2021, 03:51:22 PM

Hi,

I have a fully functioning FreeRadius OPNsense plugin running for my VPN customers, but I don't like the fact that passwords are by default stored as clear text in the /usr/local/etc/raddb/users file. I am using the VLAN and network attributes of the FreeRadius plugin, so it's not an option to use an external system.

What are my options to locally store passwords hashed or encrypted on the OPNsense firewall and still be able to use the Network/VLAN attributes?

/Klavs

Ideally it would be nice if it could be somehow changed to a SHA256 hash or better  ;D

testuser6 Sha2-Password := "fdf4344add3e9931cb5b487f6ea3b108ba4518507ff3a6e0a97d39625c795627"

Encrypted auth usually requires a plain password. Why is this a risk? No one but you should have access to the filesystem.
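
The rewrite asked about in this thread, as an added example that is not part of the original posts or of the OPNsense plugin: it converts Cleartext-Password check items in users-file text to unsalted SHA-256 SHA2-Password values while leaving the VLAN and network reply items untouched. The user names, attribute values and the helper names (sha2_hex, hash_users_file, pap_matches) are constructed for illustration.

```python
import hashlib
import hmac
import re

# One users-file check line, e.g.:  alice Cleartext-Password := "secret"
CHECK = re.compile(r'^(\S+)\s+Cleartext-Password\s*:=\s*"([^"\\]*)"(.*)$')

def sha2_hex(password):
    """Unsalted SHA-256 hex digest, the value format shown in the thread."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def hash_users_file(text):
    """Swap Cleartext-Password check items for SHA2-Password ones.

    Reply-item lines (VLAN, network), comments and blanks pass through.
    """
    out = []
    for line in text.splitlines():
        m = CHECK.match(line)
        if m:
            user, password, rest = m.groups()
            line = f'{user} SHA2-Password := "{sha2_hex(password)}"{rest}'
        elif "Cleartext-Password" in line and not line.lstrip().startswith("#"):
            # Escaped quotes or another layout: fail rather than leave cleartext.
            raise ValueError(f"unparsed Cleartext-Password line: {line.split()[0]}")
        out.append(line)
    return "\n".join(out) + "\n"

def pap_matches(stored_hex, supplied_password):
    """PAP delivers the password itself, so the server can hash and compare.
    CHAP/MS-CHAP deliver a challenge response and cannot be checked this way."""
    return hmac.compare_digest(stored_hex, sha2_hex(supplied_password))

# Constructed sample entries (not taken from the thread).
SAMPLE = '''# constructed example users file
alice Cleartext-Password := "correct horse"
    Tunnel-Type = VLAN,
    Tunnel-Medium-Type = IEEE-802,
    Tunnel-Private-Group-Id = "20"

bob Cleartext-Password := ""
    Framed-IP-Address = 10.0.8.12
'''

if __name__ == "__main__":
    print(hash_users_file(SAMPLE), end="")
```

Whether the plugin regenerates the users file from its own configuration, overwriting a manual conversion, is not covered in the thread and should be checked before relying on this.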