public secret and public radius server. Is it secure?

sophana sophana at zizi.ath.cx
Fri Jun 2 11:36:07 CEST 2006


Hi

I'd like to make a public hotspot management system with chillispot and 
freeradius.
I saw in the freeradius source that the NAS are identified from the ip 
address, and the secret is determined from it.

My problem is that there can be hotspots on dynamic ip addresses.
The solution I found actually is to have an unique secret shared with 
all hotspots.
So the secret is known by everybody.

My question is :
- What can a malicious user can do with the secret? Can it alter 
accounting and other things? (chillispot uses chap auth-type)
- Is there a way of maintaining a per hotspot secret with dynamic ip 
addresses?

Regards
Sophana



More information about the Freeradius-Users mailing list