SonicOS/X API Reference Guide

Password and Password-Hash Saving

To use session security with user accounts that are remotely authenticated via LDAP/RADIUS/TACACS+, the initial authentication must use either the HTTP Basic Access or the Public Key authentication scheme. With these, the client sends the user’s password to the SonicWall, which can then save it for the lifetime of the session and use it for session security validation. If RFC-7617’s Session Variant is used, the SonicWall does not store the actual password in its internal memory; it stores a more secure, irreversible hash of the password instead. The client must then calculate its digest hash accordingly, as per the RFC.
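The following added example (not SonicWall code) sketches the "-sess" digest calculation of HTTP Digest authentication as specified in RFC 7616, showing how a server that keeps only H(username:realm:password) can still validate the client's digest. The SHA-256 choice, qop=auth, function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def h(text, algo="sha256"):
    """Hex digest of text; the algorithm is an assumption (SHA-256-sess)."""
    return hashlib.new(algo, text.encode("utf-8")).hexdigest()

def password_hash(username, realm, password, algo="sha256"):
    """H(username:realm:password): what the server keeps in place of the password."""
    return h(f"{username}:{realm}:{password}", algo)

def sess_response(stored, nonce, cnonce, nc, method, uri, qop="auth", algo="sha256"):
    """Digest response for a '-sess' algorithm, computed from the stored hash."""
    ha1 = h(f"{stored}:{nonce}:{cnonce}", algo)   # H(A1), session variant
    ha2 = h(f"{method}:{uri}", algo)              # H(A2) for qop=auth
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}", algo)

def server_validate(stored, received, **request):
    """Server side: recompute from the stored hash, compare in constant time."""
    return hmac.compare_digest(sess_response(stored, **request), received)

def demo():
    # Constructed sample values, not taken from any real device or session.
    user, realm, password = "admin", "example-realm", "constructed-password"
    request = dict(nonce="constructed-server-nonce",
                   cnonce="constructed-client-nonce",
                   nc="00000001", method="GET", uri="/example/resource")
    # Initial authentication delivered the password; the server keeps only the hash.
    stored = password_hash(user, realm, password)
    # The client derives the same inner hash from the password it holds.
    good = sess_response(password_hash(user, realm, password), **request)
    bad = sess_response(password_hash(user, realm, "wrong-password"), **request)
    return (server_validate(stored, good, **request),
            server_validate(stored, bad, **request))

if __name__ == "__main__":
    print(demo())
```

The stored value cannot be reversed to the password, but it is sufficient to compute valid digests for that username and realm, so it still needs to be protected as a credential.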