Is it possible to use CHAP authentication with pam_radius?
aland at deployingradius.com
Thu Sep 26 20:18:16 CEST 2019
On Sep 26, 2019, at 2:11 PM, Dan Swartzendruber <dswartz at druber.com> wrote:
> No argument here. Unfortunately, some of our customers are anal-retentive and have security compliance audits run, and having cleartext passwords is going to be problematic.
The passwords aren't clear-text. They're encrypted on the wire. Just like PAP.
> I'm wondering if I could tunnel RADIUS over TCP using an ssh tunnel? This is a very small number of customers who will care, but they have a disproportionate influence...
The pam_radius module doesn't support TCP.
If you care, submit a patch so that the pam_radius module does CHAP. It should be ~30 LoC.
More information about the Freeradius-Users