About the plain text shared_secret of the pam_radius client

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.

GNU General Public License v2.0

103 stars 90 forks source link

About the plain text shared_secret of the pam_radius client #46

Closed gailehehe closed 4 years ago

gailehehe commented 4 years ago

The plain text shared_secret is recorded in /etc/raddb/server of the pam_radius client. I am worried about the security of the plain text shared key, Although I have strengthened the file permissions. So is there any other more secure way to connect? Thank you!

alandekok commented 4 years ago

The secret has to be stored somewhere. There is no "perfect" place for it.