21 Sep
2015
21 Sep
'15
10:12 a.m.
On 21-09-15 11:21, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
oh , it is. if the worry is the insecurity of PAP being sent upstream, then make the upstream connection a RADSEC connection.
Another use case I could think of is that the remote RADIUS server does not accept PAP authentications. I remember that the Microsoft RADIUS (NPS?) did only accept PEAP by default, it could be configured to accept MSCHAPv2 as well, but I don't remember we ever could make it to accept PAP. But I don't think this is the reason here, since it doesn't accept TTLS. -- Herwin Weststrate