Verschlüsselte Übertragung von Passwörtern
Hello, I'am searching for a good way to secure the transmission of passwords with decryption between clients and a radius-server (there is no NAS between) without client zertificates. At the moment I use default PAP configuration. Which ways are possible? Any hind, how I get this working or could find solutions? In the dokumentation I haven't found something like that with PAP? Is there a posiblity to get this work with PAP or should I change form PAP to EAP or something else? thx & greets MM
Marius.Meisner wrote:
I'am searching for a good way to secure the transmission of passwords with decryption between clients and a radius-server (there is no NAS between) without client zertificates. At the moment I use default PAP configuration.
The User-Password attribute is always encrypted. Alan DeKok.
Hallo Alan, thx for your response. But there is still a question left. Am 11.02.2011 15:08, schrieb Alan DeKok:
Marius.Meisner wrote:
I'am searching for a good way to secure the transmission of passwords with decryption between clients and a radius-server (there is no NAS between) without client zertificates. At the moment I use default PAP configuration.
The User-Password attribute is always encrypted.
Which encryption is used - or is the shared secret meant? How may I change the type of encryption to stronger ones? By documentation I found the hind to configure PAP-Options, but I havn't found any explantation what options there are and how to use them. Can anyone suggest a good source or howto? thx and greets MM
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant?
Read RFC 2865. This is the FreeRADIUS list, and not really a place for generic "how does RADIUS work" questions.
How may I change the type of encryption to stronger ones?
You can't.
By documentation I found the hind to configure PAP-Options, but I havn't found any explantation what options there are and how to use them. Can anyone suggest a good source or howto?
I have no idea what "PAP-Options" is. I suggest asking whoever supplied you with that software, because it isn't part of FreeRADIUS. Alan DeKok.
Hi Alan, thx for your quick reply. Am 11.02.2011 17:14, schrieb Alan DeKok:
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant?
Read RFC 2865. This is the FreeRADIUS list, and not really a place for generic "how does RADIUS work" questions.
Sorry for taken your time. Its not only a question how radius works, instead of how to configure freeradius to a higher level of security. Moreover I have read the RFC 2865 and a lot of other stuff. Besides, maybe I have also misunderstood something. In this respect I hold the question, even if it is maybe put not very exactly for justified. There is information about easy configuration examples numerously, as soon as it goes, however, deeper, in my opinion the situation of information is often weak.
How may I change the type of encryption to stronger ones?
You can't. From which spring do you cover this information or where can I read up
in addition something?
By documentation I found the hind to configure PAP-Options, but I havn't found any explantation what options there are and how to use them. Can anyone suggest a good source or howto?
I have no idea what "PAP-Options" is. I suggest asking whoever supplied you with that software, because it isn't part of FreeRADIUS.
Okay my fault of an imprecise question. In the radius.conf, also, by the way, contain in freeradius there ist the following part. # PAP module to authenticate users based on their stored password # # Supports multiple encryption/hash schemes. See "man pap" # for details. # # The "auto_header" configuration item can be set to "yes". # In this case, the module will look inside of the User-Password # attribute for the headers {crypt}, {clear}, etc., and will # automatically create the attribute on the right-hand side, # with the correct value. It will also automatically handle # Base-64 encoded data, hex strings, and binary data. pap { auto_header = no } Man pap hasn't work so far. In the meantime, I have found further information moreover. (http://manpages.ubuntu.com/manpages/hardy/man5/rlm_pap.5.html) Greets MM
Marius.Meisner wrote:
Am 11.02.2011 17:14, schrieb Alan DeKok:
Marius.Meisner wrote:
Which encryption is used - or is the shared secret meant? Read RFC 2865. This is the FreeRADIUS list, and not really a place for generic "how does RADIUS work" questions.
Sorry for taken your time. Its not only a question how radius works, instead of how to configure freeradius to a higher level of security.
If you know RADIUS better than I do, why are you asking questions?
How may I change the type of encryption to stronger ones? You can't. From which spring do you cover this information or where can I read up in addition something?
And again, this isn't the place to ask generic questions about RADIUS. Alan DeKok.
participants (2)
-
Alan DeKok -
Marius.Meisner