if you dont trust the network then you will also need to looking at using TLS to transport things around - eg RADSEC or a VPN tunnel.
isn't the point of PEAP that i don't need them because it is wrapped in an encrypted communication?
as for NT hash - yes, there are security issues but only if you have access to them or expose them - if you bind the FreeRADIUS system to an AD and use eg ntlm_auth then the NThash isnt accessed.
The thing is, i can't use AD to store the passwords. Specifically, i would like to store the password as a salted hash. I want something like this: - encrypted channel between authenticator and radius server - passwords stored as a salted hash 2012/7/11 alan buxey <A.L.M.Buxey@lboro.ac.uk>
Hi,
The problem is, that I do not trust the network and I don't want to store the password in plain. Also, isn't the NT Hash insecure beacuse it is easily cracked? Or am i mixing things up?
if you dont trust the network then you will also need to looking at using TLS to transport things around - eg RADSEC or a VPN tunnel.
as for NT hash - yes, there are security issues but only if you have access to them or expose them - if you bind the FreeRADIUS system to an AD and use eg ntlm_auth then the NThash isnt accessed.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html