PAP and clear text
Alan DeKok
aland at ox.org
Fri Sep 16 18:41:47 CEST 2005
Chuck Slate <chuck at cslate.net> wrote:
> I have always read and been told that PAP is insecure because it
> transmits passwords in clear text. However, if I sniff the communication
> between my NAS and server when PAP is used, the password is indeed
> obfuscated. It appears to be hashed.
Yes. The passwords are NOT transmitted in the clear. Many, many
people are confused about that.
> 2) If so, is it the shared secret defined in the clients.conf file that
> is used as a key for the hash?
Yes. See the RFCs for how.
> As you can see, I am looking for some basic info about the flow of the
> connection. I have taken an honest shot at RTFM, but have not come
> across these details yet. Can someone please explain or point me to an
> explanation?
The O'Reilly RADIUS book has a good introduction to this.
Alan DeKok.
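
The hiding of the PAP password with the shared secret, as specified in RFC 2865 section 5.2 (User-Password), shown as an added example that is not part of the original message or of FreeRADIUS. The function names, the secret `testing123` and the Request Authenticator value are constructed for illustration.

```python
import hashlib

def xor_chain(data: bytes, secret: bytes, authenticator: bytes, decode: bool) -> bytes:
    """XOR each 16-byte block with MD5(secret + previous ciphertext block).

    The first block uses the 16-byte Request Authenticator in place of a
    previous ciphertext block (RFC 2865 section 5.2).
    """
    out = b""
    prev = authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        result = bytes(a ^ b for a, b in zip(block, pad))
        out += result
        # The chain always runs over the ciphertext: the output when hiding,
        # the input when recovering.
        prev = block if decode else result
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the NAS puts in the User-Password attribute."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    # Pad with NULs to a multiple of 16 bytes, at least one block.
    padded_len = max(16, -(-len(password) // 16) * 16)
    return xor_chain(password.ljust(padded_len, b"\x00"), secret, authenticator, False)

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does with the same shared secret from clients.conf."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("hidden User-Password must be 16..128 bytes, multiple of 16")
    return xor_chain(hidden, secret, authenticator, True).rstrip(b"\x00")

if __name__ == "__main__":
    secret = b"testing123"            # constructed shared secret
    request_auth = bytes(range(16))   # constructed Request Authenticator
    hidden = hide_password(b"hunter2", secret, request_auth)
    print("on the wire:", hidden.hex())
    print("server sees:", recover_password(hidden, secret, request_auth))
```

Because the transformation is reversible with the shared secret, the server recovers the cleartext password, and the protection on the wire is only as strong as that secret.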