26 Nov
2011
26 Nov
'11
6:12 p.m.
Sven Hartge <sven@svenhartge.de> wrote:
Yes, this is kind of weak. And because of this weakness a protocol like RADsec has been developed, which is essentially RADIUS-with-SSL-over-TCP, thus providing strong encryption of the whole RADIUS session.
Addition: The first FreeRADIUS version to include native RADsec support will be 3.0. To use it with a version below that, you usually proxy your normal RADIUS request through a software like radsecproxy. But again: this is normally only used between RADIUS servers across a insecure network and not betweens a client (meaning an AP or a modem-server, etc.) and its RADIUS server. Grüße, Sven. -- Sigmentation fault. Core dumped.