pam_radius_auth issue

Mircea Harapu mircea.harapu at
Thu Jul 20 14:09:10 CEST 2006

> > I'm trying to make a ssh authentication with pam_radius_auth +
freeradius +
> > ldap
> > The problem is that radius is sending the password to ldap in clear and
> > crypted with CRYPT as configured in ldap module .
>   Huh?  pam_radius_auth sends the password to FreeRADIUS in the clear,
> because that's what it does.  FreeRADIUS sends this to LDAP because
> LDAP doesn't understand anything else.

sending passwords in clear in a network is not secure . pam_radius_auth does
md5 crypting capabilities . that's why you need to set radius key .

>   And there is NO configuration in the LDAP module to send the
> password in crypted form.  I think you're mistaking the configuration
> that *reads* the password from LDAP for something else.

auto_header = yes
that means that it checks for encryption types .
right now my passwords in LDAP are stored crypted .
for cisco equipments works perfect .

>   And in any case, you haven't said why it's a problem.  LDAP gets a
> clear-text password.  So?  That's how everyone else uses LDAP.  Why is
> this wrong for you?  What problems does it cause?

Using passwords in clear is a lack of security and I don't belive that
everyone is doing that!

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list