Tunnel TLS Authentication with PAP
Hi.. i have freeradius that uses LDAP authentication password in md5 format and have ubuntu client that users WPA supplicant with following details, Authentication : Tunneled TLS CA certificate : ca.pem Inner Authentication : PAP Then the username and password , because im using CA certificate(ca.pem) of the radius in the client side , server and client communication should be secure ...correct me if im worng.. i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text. Thank You john
On 05/29/2012 09:49 AM, val john wrote:
Hi..
i have freeradius that uses LDAP authentication password in md5 format
and have ubuntu client that users WPA supplicant with following details,
Authentication : Tunneled TLS CA certificate : ca.pem Inner Authentication : PAP
Then the username and password ,
because im using CA certificate(ca.pem) of the radius in the client side , server and client communication should be secure ...correct me if im worng..
i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text.
Of course, TLS encryptes/decryptes at the socket level, FreeRADIUS is seeing the data after it's read off the socket. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/
Hi,
because im using CA� certificate(ca.pem) of the radius in the client side ,�� server and client communication should be secure ...correct me if im� worng..
yes, secure - well, so long as the client is configured to only trust that CA and the CN of the real RADIUS server....
i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text.
you can read it in clear text because its the server! it KNOWS the password because 1) its PAP and 2) it HAS to know the password to be able to authenticate! alan
participants (3)
-
alan buxey -
John Dennis -
val john