I'd like to implement pam_radius module on some of our Linux boxes but I am worried about password (pam_radius can only do PAP) being captured and misused since the radius server is at central office and clients are all over the place. I read (http://www.cisco.com/warp/public/480/10.html#comp_packet_encry) that radius encrypts passwords using the secret key between radius server and client, is this true with FR? I suppose I can build some stun or openvpn tunnels between linux clients and FR but before I go down that road, I'd like to know if its necessary. ____________________________________________________________________________________ Don't get soaked. Take a quick peak at the forecast with the Yahoo! Search weather shortcut. http://tools.search.yahoo.com/shortcuts/#loc_weather
Agent Smith wrote:
I'd like to implement pam_radius module on some of our Linux boxes but I am worried about password (pam_radius can only do PAP) being captured and misused since the radius server is at central office and clients are all over the place.
Don't worry.
I read (http://www.cisco.com/warp/public/480/10.html#comp_packet_encry) that radius encrypts passwords using the secret key between radius server and client, is this true with FR?
Yes. This is part of the protocol.
I suppose I can build some stun or openvpn tunnels between linux clients and FR but before I go down that road, I'd like to know if its necessary.
It may still be a good idea, but that's for the future. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Agent Smith -
Alan DeKok