Any passwords stored in plain text anywhere?

[chris.shelton]

Hi,

I have just come over from NAS4Free because I found out at quite a late stage that it stores all user passwords in plain text, which just isn't suitable for my situation.

Can anyone tell me if FreeNAS suffers from the same problem? Is there any file at all which stores user passwords in plain text?

Thanks, Chris.

 

[dlavigne]

Out of curiosity, which passwords are stored in plain text and where in NAS4Free?

FreeNAS stores any passwords it stores in the configuration database in an encrypted format. If you're using jails, it depends on what the application itself does with its passwords and that storage will only be in that specific jail.

 

[chris.shelton]

Out of curiosity, which passwords are stored in plain text and where in NAS4Free?

FreeNAS stores any passwords it stores in the configuration database in an encrypted format. If you're using jails, it depends on what the application itself does with its passwords and that storage will only be in that specific jail.

The config.xml file contains all user passwords in plain text, which I find ludicrous.

Thanks for your info, sounds like FreeNAS is what I need.

 

[fta]

If you use encrypted drives, the password you use to unlock them is stored in plaintext in /tmp. /tmp is in RAM so it won't survive a reboot. Some of the code does delete the password stored in /tmp, but there are cases where it doesn't so you could potentially have the password stored there until the next reboot or you do an operation that does end up deleting it.