Hi Dimitry, > Please tell - if i will use strongswan + eap-radius + freeradius - all > user passwords will be stored encrypted in mysql database?
This does not depend on strongSwan, but on your clients and your RADIUS installation. If you connect Windows 7 clients with EAP-MSCHAPv2, your RADIUS backend has to provide at least the NT hashes of your passwords. That's not really safe, and a non-reversible encryption is not possible with that protocol. If you use other clients, or even our xauth-eap bridge, it depends on the used EAP method. Our EAP-GTC for example exchanges passwords (in the safely encrypted tunnel) in the clear, hence you can apply any hashing function to verify them against your hashed database entries. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
