Security

Hello,

 

When I go in CPPM under Identity - Guest Users and edit a guest, I can see his password in clear. Is there a way to change this and hide or encrypt (better) the password so the admin can't see it ?

Thanks

 

Dimitri

There is an option under Guest Manager that says Show guest password or something similar. Under Operator roles you can also limit what the operator can see.

It's done but I can still see the password in Policy Manager.

Yea - I see this too. Seems they forgot this part when merging the two products (or I'm missing something.. :). As far as I can tell there is no way to remove the ability to see the password for the Operators in the CPPM GUI.

 

TAC case and/or create a feature request.

Ok, so TAC case and/ feature request done.

 

Dimitri

Although the post says it has been solved, there is still no solution for this issue. Will this be included in future releases for clearpass?

Lets see if I can start a fire storm here. :)

This has always been a debate on the forums. Coming from a security background I understand the concerns and have always told everyone best practice is to not use their secure passwords on a GUEST network.

But.... The main thing that is always brought up is "that those are guest accounts" and if it was a concern then the admins should force employees to use a secure connection where the passwords reside on the AD or backend source and deny access to the guest SSID. Which can be done with Clearpass.

If the admins are only managing guest accounts then you can set it up so they can only connect to the guest side and with no access to passwords set in their profile. That is one of the advantages of having two separate interfaces.

This has been talked about with engineering and a feature request has been filed.