plugins icon indicating copy to clipboard operation
plugins copied to clipboard

Published 20 hours ago verified publisher icon opnsense

net/freeradius: Support NT hash of user password

Open stuart-mclaren opened this issue 1 year ago • 2 comments

To improve security provide an "advanced" option to avoid storing users' radius passwords in plaintext.

The default behaviour is unchanged.

Tested using an openwrt access point as a client with the opnsense freeradius plugin set to use PEAP.

Compare: https://github.com/pfsense/FreeBSD-ports/pull/822

stuart-mclaren avatar Feb 19 '24 22:02 stuart-mclaren

I'm not against this, but it should be noted that an NT hash is almost the same risk as a plain password these days.

Asked maintainer for feedback.

Cheers, Franco

fichtner avatar Feb 19 '24 23:02 fichtner

User model version bumped.

stuart-mclaren avatar Feb 20 '24 10:02 stuart-mclaren

Thanks for your reviews.

Is this ok as-is? Or are there more changes needed?

stuart-mclaren avatar Mar 28 '24 22:03 stuart-mclaren

Looks good :)

mimugmail avatar Mar 29 '24 06:03 mimugmail