cancel
Showing results for 
Search instead for 
Did you mean: 

Are passwords in Steelbelt radius encrypted?

michael.saw_
Regular Contributor

Are passwords in Steelbelt radius encrypted?

Hi,

Are passwords in Steelbelt radius encrypted?

5 REPLIES 5
Raveen_
Regular Contributor

Re: Are passwords in Steelbelt radius encrypted?

Hi Michael,

Yes passwords are stored in encrypted format for Native Users.

And we use MD5 encryption algorithm.

Note: If I have answered your question, you could mark this post as accepted solution, that way it would help others as well. Kudos, will be a bonus thanks!!

Regards,

Raveen

michael.saw_
Regular Contributor

Re: Are passwords in Steelbelt radius encrypted?

Hi Raveen,

Thanks.
Do you mean ALL users' passwords in SBR are encrypted?
Is there a document or kb link on this?
Raveen_
Regular Contributor

Re: Are passwords in Steelbelt radius encrypted?

Hi Michael,

Can you tell me what version and edition of SBR that you are using?

Regards,

Raveen

Raveen_
Regular Contributor

Re: Are passwords in Steelbelt radius encrypted?

Hi Michael,

Well, if you are looking for default behavior, passwords are stored in clear-text.

However, you can store the password in encrypted format, by checking the box 'Store hash of Password' in GUI.

On selecting the above said box, passwords will be hashed using MD5 algorithm.

And yes, all the passwords can be encrypted by above method.

Note: If this answers your questions, you could mark this as accepted solution, that way it would help others as well. Kudos will be bonus thanks!!

Regards,

Raveen

jtb_
Not applicable

Re: Are passwords in Steelbelt radius encrypted?

hi all,

I'm not SBR user but here is one generic comment: if you want to use any challenge-handshake protocol (CHAP/MS-CHAPv2) you can't use the passwords hashes saved with 'Store hash of Password'.

Quick google search points to comment in SBR manual (see point 6):


http://www-jnet.juniper.net/techpubs/en_US/sbr-carrier7.3.1/information-products/topic-collections/s...

  • If this user requires PAP authentication and you want to store the hash of the password in the Steel-Belted Radius Carrier database, click the Store hash of password check box. This option allows the user to authenticate using only PAP

  • If this user requires CHAP authentication, do not click the Store hash of password check box.

More info about password hashes in SBR can be find at:

SQL - http://www-jnet.juniper.net/techpubs/en_US/sbr-carrier7.3.1/information-products/topic-collections/s...

LDAP - http://www-jnet.juniper.net/techpubs/en_US/sbr-carrier7.3.1/information-products/topic-collections/s...

{enc-md5} is reversibly encrypted password format, but there is requirement for SDK ...

jtb