Chuck Slate <chuck@cslate.net> wrote:
I have always read and been told that PAP is insecure because it transmits passwords in clear text. However, If I sniff the communication between my NAS and server when PAP is used, the password is indeed obfuscated. It appears to be hashed.
Yes. The passwords are NOT transmitted in the clear. Many, many, people are confused about that.
2) If so, is it the shared secret defined in the clients.conf file that is used as a key for the hash?
Yes. See the RFC's for how.
As you can see, I am looking for some basic info about the flow of the connection. I have taken an honest shot at RTFM, but have not come across these details yet. Can someone please explain or point me to an explanation?
The O'Reilly RADIUS book has a good introduction to this. Alan DeKok.