Theft of password.
Alan DeKok
aland at ox.org
Fri Jun 24 01:33:54 CEST 2005
"Tahseen Hussain" <stud3080 at itu.dk> wrote:
> The problem is end-to-end security in proxy chaining envrionment. What
> ever may be the protocol(CHAP or any EAP method) proxy server can see the
> passwrod
No. This is NOT true.
With CHAP or MS-CHAP, the proxying server does not see the password.
With EAP, the proxying server MAY see the password, depending on the
EAP type, and how the proxying works. It will NOT see the password
for EAP-MD5, PEAP (MSCHAPv2), EAP-TLS, EAP-SIM, etc.
Please understand how the existing protocols work before designing
another one.
Alan DeKok.
More information about the Freeradius-Users
mailing list