10 Feb
2011
10 Feb
'11
7:50 a.m.
Oliver Elliott wrote:
I had a look into this and as far as I could tell, the conversation between the switch and the radius server was not encrypted unless you use TACACS. Does anyone know if this conversation can be encrypted while using Freeradius, as otherwise the domain login details are presumably being sent over the network in clear text?
RADIUS passwords are always encrypted. If you want a "real" TACACS+ server, add TACACS+ support to FreeRADIUS. It isn't hard. i.e. probably ~2K LoC. But I haven't had the incentive to do it yet. After that, maybe ARP. I've been looking at the "arpwatch" programs, and none of them talk to databases. <sigh> Alan DeKok.