On Feb 5, 2019, at 5:58 AM, Fekete Tamás <fektom@gmail.com> wrote:
I would like to make a proxy-tester Nagios check for Freeradius and would like to ask some help for debugging as I experience some problem with using eapol_test.
The design is that a user wants to authenticate at realm "A" with credentials stored at realm "B". The infrastructure already set up for proxying based on the realm names and the Access-Requests are do forwarded.
OK...
I tried this proxy scenario with radtest. And with radtest it works.
However, I have some questions regarding this developer work. Maybe you can help me.
The first is: is it true, that radtest doesn't encrypt it's messages so proxy requests will contain the password in a recoverable manner?
The User-Password attribute is protected "on the wire". The passwords are recoverable, because the home server has to check them. See RFC 2865 Section 5.2 for more information. Alan DeKok.