Bob Probert wrote:I said RADIUS secures the password. I meant that.
> In my understanding RADIUS provides security in the form of an MD5 hash
> -- not ideal.
It helps to understand the system before trying to fix it.
You're asking the wrong questions. Your questions are based on a
> Has RADSEC been implemented for this PAM module? If not, how is the
> community sanitizing this traffic? IPSEC? STUNNEL?
false assumption: that the password is insecure in normal RADIUS.
There is no evidence to believe that this is true.
If you want the traffic to be *more* secure, set the RADIUS server to
be 127.0.0.1, and run a RADIUS proxy on the local machine. It can then
do RadSec to anywhere you want.
Or, you can configure IPSec, so that the RADIUS PAM module
communicates with the RADIUS server over a network secured by IPSec.
Both solutions require *zero* changes to the PAM module. All they
require is a little knowledge of networking.