7 Nov
2007
7 Nov
'07
4:01 a.m.
Hello, I use EAP-TTLS with PAP in my radius proxy infrastructure. The problem is that with option log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes passwords are logged on the intermediate radius servers and also on the final hub radius server since I have a tree radius server infrastructure sparse into Italy. How to solve this problem ? I cannot use EAP-MD5 or MSCHAPv2 inside the TLS tunnel since users passwords are on an encrypted database (unix passwords or kerberos passwords). Anyone has a solution for this ? I would like to prevent the possibility of the password being logged on the intermediate radius servers. thanks Riccardo
6818
Age (days ago)
6818
Last active (days ago)
1 comments
2 participants
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Riccardo Veraldi