Thank you! It solved all my further questions. Alan DeKok <aland@deployingradius.com> ezt írta (időpont: 2019. febr. 5., K, 14:01):
On Feb 5, 2019, at 5:58 AM, Fekete Tamás <fektom@gmail.com> wrote:
I would like to make a proxy-tester Nagios check for Freeradius and would like to ask some help for debugging as I experience some problem with
using
eapol_test.
The design is that a user wants to authenticate at realm "A" with credentials stored at realm "B". The infrastructure already set up for proxying based on the realm names and the Access-Requests are do forwarded.
OK...
I tried this proxy scenario with radtest. And with radtest it works.
However, I have some questions regarding this developer work. Maybe you can help me.
The first is: is it true, that radtest doesn't encrypt it's messages so proxy requests will contain the password in a recoverable manner?
The User-Password attribute is protected "on the wire". The passwords are recoverable, because the home server has to check them.
See RFC 2865 Section 5.2 for more information.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html