Thank you all for responding. Alan, thanks for clarifying on the protocols. I paired them randomly in the example. A hierarchy would be very useful (but I only say that wishfully). Arran, this is great to know. Brian, I agree with you about PAP. We have multi-site organization, so passwords will be transmitted over WAN. Might have to explore Matthew and TIm's suggestions. So to anyone... do we have any other motions to start a compatibility matrix between OS's and protocols? If so, let's get some docs going. We can add the nuances there too. How do we get the permissions to create content on the wiki? Thanks, David -- David Teston PINES System Administrator Georgia Public Library Service 1800 Century Place, Suite 150 Atlanta, GA 30345 Office: 404-235-7206 Mobile: 404-623-8676 dteston@georgialibraries.org http://georgialibraries.org On Fri, Apr 7, 2017 at 3:39 PM, Brian Julin <BJulin@clarku.edu> wrote:
David Teston wrote:
Where can I find a protocol compatibility matrix for each OS?
Haven't seen one. Really we need some bored retiree to start a beer money kickstarter to test and maintain giant compatibility tables, not just for this, but for all the nuances of wifi chipsets.
Also, can we prioritize the protocols? Since PAP is the least secure, I'd like clients to try the other protocols and use PAP as the last option.
Generally supplicants are configured to use one specific protocol, not a fallback list. Most servers are configured to offer only one protocol to a specific class of clients.
PAP should only be used when confined to unsniffable internal administrative networks... there's no good reason to use it elsewhere as all it will do is expose your user's passwords, which is worse than having no password security at all.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html