Thank you, Martin

I'm just searching for the most secure way to store IPsec users' credentials. So, in the worst case, if the server is hacked, the hacker can't see passwords in cleartext.

06.11.2012 11:12, Martin Willi wrote:
> Hi Dimitry,
>
>> Please tell - if I will use strongswan + eap-radius + freeradius - all
>> user passwords will be stored encrypted in mysql database?
>
> This does not depend on strongSwan, but on your clients and your RADIUS
> installation. If you connect Windows 7 clients with EAP-MSCHAPv2, your
> RADIUS backend has to provide at least the NT hashes of your passwords.
> That's not really safe, and a non-reversible encryption is not possible
> with that protocol.
>
> If you use other clients, or even our xauth-eap bridge, it depends on
> the used EAP method. Our EAP-GTC for example exchanges passwords (in the
> safely encrypted tunnel) in the clear, hence you can apply any hashing
> function to verify them against your hashed database entries.
>
> Regards
> Martin


Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: [email protected]
m: +38 093 874 5453
w: http://www.stidia.com

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
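
The EAP-GTC case described in the quoted reply, as an added example that is not part of the original thread and is not strongSwan or FreeRADIUS code: since the server receives the cleartext password inside the tunnel, it can check it against a salted, slow hash instead of storing a password-equivalent value. The record format, function names, iteration count and sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it for your own hardware.
ITERATIONS = 600_000


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build a salted PBKDF2 record to store in the credentials database."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_gtc_password(received: str, record: str) -> bool:
    """Check a password received in the clear (as with EAP-GTC) against a record.

    Malformed or unknown-scheme records are rejected instead of raising.
    """
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", received.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample database: two users who happen to share a password.
    db = {
        "alice": make_record("correct horse battery"),
        "bob": make_record("correct horse battery"),
    }
    print("records differ:", db["alice"] != db["bob"])
    print("good login:", verify_gtc_password("correct horse battery", db["alice"]))
    print("bad login:", verify_gtc_password("guess123", db["alice"]))
```

This only works for methods that deliver the password itself to the server; as the quoted reply notes, EAP-MSCHAPv2 needs the NT hash on the backend, so a record like this cannot be used there.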
