cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
- From: "Rademaker,Hans J.G." <h.rademaker AT fontys.nl>
- To: Stefan Winter <stefan.winter AT restena.lu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
- Cc: "Visser,Ramon R.D." <r.visser AT fontys.nl>
- Subject: Re: [[cat-users]] security fix clear text password in linux script eduroam
- Date: Mon, 18 Dec 2017 21:14:04 +0000
- Accept-language: en-GB, en-US
Hello Stefan,
The man page is a very short summary. And it does not say it's not suitable
for passwords either. It only seems to hash the authentication input, wether
it is a psk or password seems irrelevant to my logical reasoning, but hey
that's only me.
I am using it for some years now, at fontys. With eduroam, and before that
with our fontys essid, it's configured the same way as eduroam is.
But don't throw it out in the open on only my account, it still needs to be
tested at your end.
And looking at your man page I stumbeled over a familiar link:
https://wiki.archlinux.org/index.php/WPA_supplicant
and then at the end of the article starting from "Password-related problems"
There it is advised to use wpa_cli. So there is a more reliable method. I can
see if I can script something but probably not before february. I'll get
back to you if I have something.
And reading a bit further:
Ensure that your config uses
phase2="auth=MSCHAPV2"
Maybe have a look at line 381?
Met vriendelijke groet,
[fontys.png]<http://www.fontys.nl/>
Hans Rademaker • Dienst IT • Fontys Hogescholen
[linux.png]
Ik werk niet op vrijdag • 0885073070
Handleidingen en handige links:
Handleidingen<https://connect.fontys.nl/diensten/IT/handleidingen> •
Leslokalen<https://connect.fontys.nl/diensten/IT/handleidingen/Paginas/Audio_visuele_middelen.aspx>
• Office Hulp<https://support.office.com/nl-be> •
Webwinkel<https://connect.fontys.nl/diensten/IT/it-webwinkel> •
Storingen<https://allesoverict.fontys.nl/pages/StoringenOnderhoud.aspx> •
Office365-Training<https://support.office.com/nl-nl/article/Office-trainingscentrum-b8f02f81-ec85-4493-a39b-4c48e6bc4bfb?ui=nl-NL&rs=nl-NL&ad=NL>
On 18-12-17 16:46, Stefan Winter wrote:
Hi,
A colleague of me has made an suggestion for an more secure Linux
configuration in case the first option based with python script fails.
I tried to translate his explanation: in case the first method fails the
tools starts a second procedure with shell scripting.
With this method the password is stored in plaintext in the
wpa_supplicant config file. Users are informed about this during the
installation.
Following my colleague there is an standard tool included in the
wpa_supplicant suite which can hash the password in the component
"wpa_passphrase".
This has been added in rules 407 en 420 of the attachment.
This doesn't look correct to me: the manpage of wpa_passphrase speaks of
WPA2-PSK and not about user passwords:
man 8 wpa_passphrase:
wpa_passphrase - Generate a WPA PSK from an ASCII passphrase for a SSID
Can this be helpful for the developers?
If it were assured that this function actually works with user
passwords, not PSKs, then maybe.
What makes you think so? Does this really *work*?
Greetings,
Stefan Winter
========================================================== Op deze e-mail
zijn de volgende voorwaarden van toepassing: http://www.fontys.nl/disclaimer
The above disclaimer applies to this e-mail message.
- [[cat-users]] security fix clear text password in linux script eduroam, Visser,Ramon R.D., 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Tomasz Wolniewicz, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Alan Buxey, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Rademaker,Hans J.G., 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Rademaker,Hans J.G., 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Alan Buxey, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/19/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Tomasz Wolniewicz, 12/18/2017
- Re: [[cat-users]] security fix clear text password in linux script eduroam, Stefan Winter, 12/18/2017
Archive powered by MHonArc 2.6.19.