pam_radius_auth.so authentication algorithm

Oussama BOUNAIM o.bounaim at gmail.com
Fri Oct 20 17:20:24 CEST 2017


Thanks Alan :)

I have done a tcpdump capture and the username is sent in clear with what
it seems to be a simple MD5 hash of the password.
What do you mean by "NPS is lying to you". Is it completely safe to use the
module ?

Thanks in advance

On Fri, Oct 20, 2017 at 4:45 PM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Oct 20, 2017, at 10:42 AM, Oussama BOUNAIM <o.bounaim at gmail.com> wrote:
> > The authentication works, however, the NPS (Radius Server) is complaining
> > about the authentication method used by pam_radius_auth.so. It says that
> > the client is using PAP insecure PAP protocol.
>
>   That's a stupid complaint.
>
> > I didn't find any parameter on the module documentation
> > <https://github.com/FreeRADIUS/pam_radius> to change this behavior.
> > Does pam_radius_auth.so support other secure protocol like CHAP ?
>
>   CHAP isn't more secure, unfortunately.  And neither is MS-CHAP.
>
>   Ignore the message,  NPS is lying to you.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>


More information about the Freeradius-Users mailing list