I'm trying to make a ssh authentication with pam_radius_auth + freeradius + ldap The problem is that radius is sending the password to ldap in clear and not crypted with CRYPT as configured in ldap module .
Huh? pam_radius_auth sends the password to FreeRADIUS in the clear, because that's what it does. FreeRADIUS sends this to LDAP because LDAP doesn't understand anything else.
sending passwords in clear in a network is not secure . pam_radius_auth does have md5 crypting capabilities . that's why you need to set radius key .
And there is NO configuration in the LDAP module to send the password in crypted form. I think you're mistaking the configuration that *reads* the password from LDAP for something else.
auto_header = yes that means that it checks for encryption types . right now my passwords in LDAP are stored crypted . for cisco equipments works perfect .
And in any case, you haven't said why it's a problem. LDAP gets a clear-text password. So? That's how everyone else uses LDAP. Why is this wrong for you? What problems does it cause?
Using passwords in clear is a lack of security and I don't belive that everyone is doing that!
Alan DeKok. - List info/subscribe/unsubscribe? See