23 Jul
2014
23 Jul
'14
3:47 p.m.
Wang, Yu wrote:
You can use third party plugins but I strongly discourage you to use EAP-TTLS with Kerberos/PAP because it has security holes.
Not really.
We use FreeRadius and NTLM.
It's 2014. MS-CHAP is only slightly harder to crack than PAP.
In searching more efficient method than NTLM, I looked into EAP-TTLS with Kerberos but a brother university network engineer showed me how a hacker could steal user passwords easily with EAP-TTLS/Kerberos. I completely abandoned the idea of using it.
Please enlighten me. Alan DeKok.