[strongSwan] eap-radius

Dmitry Korzhevin dmitry.korzhevin at stidia.com
Tue Nov 6 13:54:22 CET 2012

Thank you, Martin

I'm just searching for most secure way to store ipsec users credentials. 
So, in worst case, if server is hacked, hacker cant see passwords in 

06.11.2012 11:12, Martin Willi пишет:
> Hi Dimitry,
>> Please tell - if i will use strongswan + eap-radius + freeradius - all
>> user passwords will be stored encrypted in mysql database?
> This does not depend on strongSwan, but on your clients and your RADIUS
> installation. If you connect Windows 7 clients with EAP-MSCHAPv2, your
> RADIUS backend has to provide at least the NT hashes of your passwords.
> That's not really safe, and a non-reversible encryption is not possible
> with that protocol.
> If you use other clients, or even our xauth-eap bridge, it depends on
> the used EAP method. Our EAP-GTC for example exchanges passwords (in the
> safely encrypted tunnel) in the clear, hence you can apply any hashing
> function to verify them against your hashed database entries.
> Regards
> Martin

Best Regards,

System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhevin at stidia.com
m: +38 093 874 5453
w: http://www.stidia.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4488 bytes
Desc: ���������������������������������� �������������� S/MIME
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121106/88435054/attachment.bin>

More information about the Users mailing list