encrypted password - radius over WAN
Alan DeKok
aland at deployingradius.com
Mon Jan 22 07:55:40 CET 2007
Agent Smith wrote:
> I'd like to implement pam_radius module on some of our
> Linux boxes but I am worried about password
> (pam_radius can only do PAP) being captured and
> misused since the radius server is at central office
> and clients are all over the place.
Don't worry.
> I read
> (http://www.cisco.com/warp/public/480/10.html#comp_packet_encry)
> that radius encrypts passwords using the secret key
> between radius server and client, is this true with
> FR?
Yes. This is part of the protocol.
> I suppose I can build some stun or openvpn tunnels
> between linux clients and FR but before I go down that
> road, I'd like to know if its necessary.
It may still be a good idea, but that's for the future.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list