Re: BillMax questions -- Plaintext Password
CHAP does require plaintext passwords on the server, but PAP does not,
which is why we stuck with PAP. I wouldn't call being forced to keep
plaintext passwords on my server a "bonus"!

As far as having an account on the system goes, you don't have to give them
any kind of access, just need a place (and a DB) to store the encrypted
password. Make their shell /nonexistant. Your plaintext users file is
very inefficient at answering authentication requests, so even if you
decide to store plaintext passwords I hope you are at least using the db
option.

There are many downsides to storing the unencrypted passwords on your
server. The largest one for me was that MY password would have been
sitting there, and I would rather not have my staff pretending to be me at a
whim, and have to maintain a separate password for my dialup access
because I know how insecure it is. That goes directly into the liability
of your staff having customer passwords, and what mischief might be caused
from it. I really hate plaintext passwords, if you haven't guessed by
now. If there is a way to do the work encrypted, it is always the way to
go.

Thanks,

j
On Fri, 9 Aug 2002, Scott Rothgaber wrote:
> On 9 Aug 2002, at 6:09, Jeff LaCoursiere wrote:
>
> > Why must it be in plaintext on your radius server?
>
> If I'm not mistaken, it is required to support both PAP and
> CHAP. I buy dialup from Qwest and UUNet and I have to do it this
> way. Another bonus of doing it this way is that these folks do
> not need an "account" on the RADIUS box.
>
> --
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
> * *
> * Easley Internet Solutions 864.616.6040 *
> * Easley, SC USA Fax: 864.855.7167 *
> * http://www.easley.net/ AIM: ExCavSGT *
> * *
> * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
>
>
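
An added illustration of the PAP/CHAP point in the reply above; it is not part of the original thread or of BillMax. It shows a server that stores only a salted hash verifying a PAP login, and the same server being unable to verify a CHAP-MD5 response (RFC 1994) without the plaintext secret. The class and function names, the sample user and password, and the use of PBKDF2 as the one-way hash are assumptions.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP-MD5: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def verify_chap(server_secret: bytes, ident: int, challenge: bytes, response: bytes) -> bool:
    # The server must recompute the digest, so it needs the same secret the client typed.
    return hmac.compare_digest(chap_response(ident, server_secret, challenge), response)

def hash_password(password: bytes, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for whatever one-way scheme the user DB uses.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

class HashedStore:
    """User DB that keeps only (salt, hash), never the password itself."""
    def __init__(self) -> None:
        self.users = {}

    def add(self, user: str, password: bytes) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, hash_password(password, salt))

    def verify_pap(self, user: str, password: bytes) -> bool:
        # PAP delivers the password itself to the server, which hashes and compares.
        salt, stored = self.users[user]
        return hmac.compare_digest(stored, hash_password(password, salt))

def demo() -> dict:
    password = b"dialup-Passw0rd"          # constructed sample value
    store = HashedStore()
    store.add("alice", password)
    ident, challenge = 7, os.urandom(16)   # challenge issued by the NAS
    response = chap_response(ident, password, challenge)  # computed by the client
    _, stored_hash = store.users["alice"]
    return {
        "pap_good": store.verify_pap("alice", password),
        "pap_bad": store.verify_pap("alice", b"wrong"),
        "chap_plaintext_db": verify_chap(password, ident, challenge, response),
        "chap_hashed_db": verify_chap(stored_hash, ident, challenge, response),
    }

if __name__ == "__main__":
    print(demo())
```
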