On 10/23/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
>
> preem wrote:
> > So, what is a common practice to do this then?
>
> It's not.
>
> People store MD5 or crypt'd passwords when the ONLY authentication
> they're doing is PAP. i.e. Unix logins, where the user supplies a
> clear-text password to the authentication system.

And PAP is not a very safe and smart way to go, as I read it.

> For many EAP types, people do NOT store MD5 or crypt'd passwords,
> because they're useless.

So, crypted passwords are useful only in web applications? I read a lot lately about how one should never store passwords in clear text; I guess that applies only to web apps.

> > I understand it's not very
> > safe nor sane to store passwords in clear text, that's why I wanted to avoid
> > that, however it seems inevitable.
>
> It is safe, sane, and common practice to store passwords in clear text.

I do not have much experience with this, in fact it's my first project on the matter.

> > I am managing a wired network for some 300 users, it's a student dorm and the
> > university owns the network and they require authentication for the ease of
> > management and control. 802.1x felt like the right way to go, because we are
> > planning some wireless access points as well. There are HP's Procurve 2650
> > switches in use. I chose a MySQL db backend, because I also created a set of
> > PHP scripts, where users can change their passwords and admin can
> > add/del/modify user info.
> > So what can one do to avoid storing passes in clear text or is it sane
> > enough? The server also serves some web pages and dhcp requests.
>
> Ensure that no one has physical access to the system storing the
> passwords. Ensure that no one has network access to the system storing
> the passwords.

That will be no problem, since I'm the only one with physical access.

> I would also suggest running the RADIUS server and/or the MySQL server
> with passwords on a separate machine from the web/dhcp server. That
> way, if someone breaks into the web server, they won't have access to
> the passwords.

I am using VMWare server, so that won't require much work.

> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Thanks again for clearing this up.

primski
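The point made in the thread, that a stored MD5 hash is enough for PAP but useless for challenge-response methods, shown as an added example that is not part of the original messages. It uses the CHAP response from RFC 1994 (the same computation EAP-MD5 uses) as one representative challenge-response method; the function names and the sample password are constructed for illustration.

```python
import hashlib
import hmac
import os


def stored_md5(password: bytes) -> str:
    """What an unsalted MD5 password column would hold (hex digest)."""
    return hashlib.md5(password).hexdigest()


def pap_verify(db_hash: str, cleartext_from_client: bytes) -> bool:
    # PAP: the server receives the password itself, so it can hash the
    # received value and compare it with the stored hash.
    return hmac.compare_digest(stored_md5(cleartext_from_client), db_hash)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, server_secret: bytes, challenge: bytes,
                response: bytes) -> bool:
    # The server must recompute the response from ITS copy of the secret.
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"   # constructed sample value
    db_hash = stored_md5(password)
    ident, challenge = 7, os.urandom(16)
    # The client only ever sends the response, never the password.
    client_resp = chap_response(ident, password, challenge)
    return {
        # Hash in the database, cleartext on the wire: works.
        "pap_with_hash": pap_verify(db_hash, password),
        # Cleartext in the database: server can recompute the response.
        "chap_with_cleartext": chap_verify(ident, password, challenge, client_resp),
        # Only the hash in the database: MD5 cannot be inverted, so the
        # server has nothing that reproduces the client's response.
        "chap_with_hash_only": chap_verify(ident, db_hash.encode(), challenge, client_resp),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```
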

