Of accounting data and security

Alan DeKok aland at deployingradius.com
Mon Aug 9 23:14:31 CEST 2010


Natr Brazell wrote:
> Wasn't suggesting I'd use TACACS+.  I am in the process of replacing my
> customers existing TACACS+ architecture however they keep coming back to
> the ability of TACACS+ over Radius to secure, or rather, not send
> accounting data across the network in the clear.  (I assume this is the
> case)  I think I'm going to have to address this over and over again.

  The accounting data is sent in the clear on a LAN.  This shouldn't be
a problem.

  If you're sending accounting data across the Internet, use IPSec.
Don't even pretend to use anything else.  RADIUS (and TACACS+) security
is simply not as good as IPSec.

  Alan DeKok.



More information about the Freeradius-Users mailing list