PAP and clear text

Chuck Slate chuck at cslate.net
Fri Sep 16 17:50:30 CEST 2005


Hi All.

I have a few freeRADIUS newbie questions for you.

I have always read and been told that PAP is insecure because it
transmits passwords in clear text. However, if I sniff the communication
between my NAS and server when PAP is used, the password is indeed
obfuscated. It appears to be hashed.

So my questions are:
1) First and foremost, am I interpreting this correctly?
2) If so, is it the shared secret defined in the clients.conf file that
is used as a key for the hash?
3) If not, any clue as to what I am seeing, and in that case, what is
the shared secret used for?

As you can see, I am looking for some basic info about the flow of the
connection.  I have taken an honest shot at RTFM, but have not come
across these details yet.  Can someone please explain or point me to an
explanation?

Thanks in advance.

Chuck
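
For reference, an added example that is not part of the original post: the User-Password hiding that RFC 2865 (section 5.2) specifies for PAP carried over RADIUS. The value on the wire is the password XORed with MD5(shared secret + Request Authenticator), so it looks hashed in a capture but is reversible by anyone who holds the shared secret. The secret, authenticator and password below are constructed sample values.

```python
import hashlib

BLOCK = 16  # MD5 digest size; the password is handled in 16-octet blocks

# Constructed sample values (not taken from any real deployment).
SAMPLE_SECRET = b"example-shared-secret"      # the secret from clients.conf
SAMPLE_RA = bytes(range(16))                  # 16-octet Request Authenticator
SAMPLE_PASSWORD = b"correct horse battery"    # 21 octets, spans two blocks


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build the User-Password attribute value (RFC 2865, 5.2)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 0 < len(password) <= 128:
        raise ValueError("this example accepts passwords of 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # b1 = MD5(S + RA), b(i) = MD5(S + c(i-1)); c(i) = p(i) XOR b(i)
        pad = hashlib.md5(secret + prev).digest()
        prev = xor_bytes(padded[i:i + BLOCK], pad)
        out += prev
    return out


def recover_user_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same MD5 pads undo the XOR, giving back the clear text."""
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("hidden value must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + BLOCK]
        out += xor_bytes(prev, pad)
    return out.rstrip(b"\x00")  # drop the null padding


if __name__ == "__main__":
    wire = hide_user_password(SAMPLE_PASSWORD, SAMPLE_SECRET, SAMPLE_RA)
    print("on the wire :", wire.hex())
    print("with secret :", recover_user_password(wire, SAMPLE_SECRET, SAMPLE_RA))
    print("wrong secret:", recover_user_password(wire, b"guess", SAMPLE_RA))
```

The confidentiality of a PAP password between NAS and server therefore rests entirely on the shared secret; the server still receives the clear-text password after reversing the XOR.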



