I had to do a little digging, but I got md5 auth set up and working. Thanks for the help. I was more comfortable doing that than changing permissions on the /etc/shadow and dealing with modifying SELinux attributes.
Thanks for the help. Ben Wiechman -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, November 05, 2007 1:15 PM To: FreeRadius users mailing list Subject: RE: Security of sql md5 vs unix auth crypt, sha etc. also won't work with PEAP. Only NT-hash. Ivan Kalik Kalik Informatika ISP Dana 5/11/2007, "Ben Wiechman" <[EMAIL PROTECTED]> piše: >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of Alan >DeKok >Sent: Friday, November 02, 2007 6:42 PM >To: FreeRadius users mailing list >Subject: Re: Security of sql md5 vs unix auth > >Ben Wiechman wrote: >> Background: we use freeradius to provide AAA for our wireless hotspots. >> We would also like to use radius authentication for our layer 3 >> switches. This brings up the question of security. > > It brings up a question of limited choices. > >> Which is going to be more secure, md5 hashed passwords in MySQL, or >> storing the passwords for the switch accounts in the /etc/shadow file > > It's effectively the same from a security point of view. > >> (I >> had to set the file to world readable to allow the radiusd process to >> read the file.). > > PLEASE don't do that! The comments in radiusd.conf describe how to >*properly* let the server read /etc/shadow. > >> Or is there another, better alternative that I just >> don't know about? > > If you're doing PEAP for WiFi, you *can't* use MD5 or /etc/shadow >passwords. > > Alan DeKok. >- > >Ahh... I see the comments now about changing the group to shadow. With that >in mind it may be better to just encrypt the password. Thanks for the >pointers. > > >Ben > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html