pam_radius_auth issue
Mircea Harapu
mircea.harapu at rcs-rds.ro
Thu Jul 20 14:09:10 CEST 2006
> > I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
> > ldap
> > The problem is that radius is sending the password to ldap in clear and
not
> > crypted with CRYPT as configured in ldap module .
>
> Huh? pam_radius_auth sends the password to FreeRADIUS in the clear,
> because that's what it does. FreeRADIUS sends this to LDAP because
> LDAP doesn't understand anything else.
sending passwords in clear in a network is not secure . pam_radius_auth does
have
md5 crypting capabilities . that's why you need to set radius key .
>
> And there is NO configuration in the LDAP module to send the
> password in crypted form. I think you're mistaking the configuration
> that *reads* the password from LDAP for something else.
auto_header = yes
that means that it checks for encryption types .
right now my passwords in LDAP are stored crypted .
for cisco equipments works perfect .
>
> And in any case, you haven't said why it's a problem. LDAP gets a
> clear-text password. So? That's how everyone else uses LDAP. Why is
> this wrong for you? What problems does it cause?
Using passwords in clear is a lack of security and I don't belive that
everyone is doing that!
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list