problem with EAP-TTLS logging passwords
Riccardo Veraldi
Riccardo.Veraldi at cnaf.infn.it
Wed Nov 7 10:01:58 CET 2007
Hello,
I use EAP-TTLS with PAP in my radius proxy infrastructure.
The problem is that with option
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
passwords are logged on the intermediate radius servers and also on the
final hub radius server since I have a tree radius server infrastructure
sparse into Italy.
How to solve this problem?
I cannot use EAP-MD5 or MSCHAPv2 inside the TLS tunnel since users' passwords
are on an encrypted database (unix passwords or kerberos passwords).
Anyone has a solution for this?
I would like to prevent the possibility of the password being logged on
the intermediate radius servers.
thanks
Riccardo
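
An added example, not part of the original post: a small audit that finds auth log lines carrying a cleartext password, as happens with the log_auth_badpass / log_auth_goodpass settings quoted above, and redacts them. The log line shape, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed line shape (an assumption, not taken from the post):
#   <date> : Auth: Login OK: [user/password] (from client NAME port N)
# "Login incorrect" may carry a reason in parentheses before the colon.
AUTH_RE = re.compile(
    r"Login (?:OK|incorrect)[^\[]*: \[(?P<body>.*)\] \(from client "
)
# Markers such as <via Auth-Type = EAP> stand in for a password; not a leak.
PLACEHOLDER_RE = re.compile(r"^<[^<>]*>$")

# Constructed sample lines; no real accounts or secrets.
SAMPLE_LOG = [
    "Wed Nov  7 09:58:01 2007 : Auth: Login OK: [alice@example.org/S3cret!] (from client proxy-a port 0)",
    "Wed Nov  7 09:58:09 2007 : Auth: Login incorrect: [bob@example.org/wrong]pw] (from client proxy-b port 0)",
    "Wed Nov  7 09:58:15 2007 : Auth: Login OK: [carol@example.org] (from client proxy-a port 0)",
    "Wed Nov  7 09:58:20 2007 : Auth: Login OK: [dave@example.org/<via Auth-Type = EAP>] (from client proxy-a port 0)",
    "Wed Nov  7 09:58:30 2007 : Info: Ready to process requests.",
]

def exposed_user(line):
    """Return the user name if the line carries a cleartext password, else None."""
    m = AUTH_RE.search(line)
    if not m:
        return None
    # Limitation: a user name that itself contains "/" is split at the first "/".
    user, sep, secret = m.group("body").partition("/")
    if not sep or not secret or PLACEHOLDER_RE.match(secret):
        return None
    return user

def redact(line):
    """Replace a logged password with <redacted>; other lines pass through."""
    user = exposed_user(line)
    if user is None:
        return line
    m = AUTH_RE.search(line)
    return line[:m.start("body")] + user + "/<redacted>" + line[m.end("body"):]

def audit(lines):
    """Return (number of exposing lines, sorted affected users, redacted lines)."""
    users = [u for u in map(exposed_user, lines) if u is not None]
    return len(users), sorted(set(users)), [redact(l) for l in lines]

if __name__ == "__main__":
    count, users, cleaned = audit(SAMPLE_LOG)
    print(f"{count} line(s) expose a password for: {', '.join(users)}")
    print("\n".join(cleaned))
```
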