-----Original Message----- From: aland@nitros9.org [mailto:aland@nitros9.org]On Behalf Of Alan DeKok Sent: Thursday, July 07, 2005 12:36 PM To: shawnlkennedy@lucent.com; FreeRadius users mailing list Subject: Re: Silly question - secure Radius?
"Shawn Kennedy" <shawnlkennedy@lucent.com> wrote:
I am just getting started with setting up Radius, and with the reading I've done (mostly with the O'Reilly book), it seems that Radius in itself is insecure. Sure, you can use a Shared Secret and the password is sent with a MD5 hash, but is there anything better?
"radsec", which Radiator just came out with.
I've taken a quick look at it, but I don't think it will be easy to implement inside of the current server. Adding it via an external program should be relatively trivial, though.
Hi Alan, Thanks for the heads up. Wasn't aware of such a thing. I briefly looked at CHAP, but abandoned it for the obvious reasons. Looking into EAP-TLS, but don't have a PKI infrastructure set up yet. Just as a side question, is this sort of thing on FreeRadius's radar screen? Thanks again, Shawn