Security

Reply
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Encrypted password in CPPM

Hello,

 

When I go in CPPM under Identity - Guest Users and edit a guest, I can see his password in clear. Is there a way to change this and hide or encrypt (better) the password so the admin can't see it ?


Thanks

 

Dimitri

MVP
Posts: 517
Registered: ‎05-11-2011

Re: Encrypted password in CPPM

There is an option under Guest Manager that says Show guest password or something similar. Under Operator roles you can also limit what the operator can see.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Encrypted password in CPPM

It's done but I can still see the password in Policy Manager.

MVP
Posts: 517
Registered: ‎05-11-2011

Re: Encrypted password in CPPM

Yea - I see this too. Seems they forgot this part when merging the two products (or I'm missing something.. :). As far as I can tell there is no way to remove the ability to see the password for the Operators in the CPPM GUI.

 

TAC case and/or create a feature request.


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Regular Contributor I
Posts: 279
Registered: ‎02-11-2013

Re: Encrypted password in CPPM

Ok, so TAC case and/ feature request done.

 

Dimitri

New Contributor
Posts: 1
Registered: ‎09-05-2013

Re: Encrypted password in CPPM

Although the post says it has been solved, there is still no solution for this issue. Will this be included in future releases for clearpass?

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Encrypted password in CPPM

Lets see if I can start a fire storm here. :)

This has always been a debate on the forums. Coming from a security background I understand the concerns and have always told everyone best practice is to not use their secure passwords on a GUEST network.

But.... The main thing that is always brought up is "that those are guest accounts" and if it was a concern then the admins should force employees to use a secure connection where the passwords reside on the AD or backend source and deny access to the guest SSID. Which can be done with Clearpass.

If the admins are only managing guest accounts then you can set it up so they can only connect to the guest side and with no access to passwords set in their profile. That is one of the advantages of having two separate interfaces.

This has been talked about with engineering and a feature request has been filed.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: