> if you dont trust the network then you will also need to looking at using TLS to transport
> things around - eg RADSEC or a VPN tunnel.
isn't the point of PEAP that i don't need them because it is wrapped in an encrypted communication?
Hi,
> The problem is, that I do not trust the network and I don't want to storeif you dont trust the network then you will also need to looking at using TLS to transport
> the password in plain.
> Also, isn't the NT Hash insecure beacuse it is easily cracked? Or am i
> mixing things up?
things around - eg RADSEC or a VPN tunnel.
as for NT hash - yes, there are security issues but only if you have access to them
or expose them - if you bind the FreeRADIUS system to an AD and use eg ntlm_auth then the NThash
isnt accessed.