attribute value length limit
Fco. Javier Melero
javier at di.uc3m.es
Mon Oct 1 13:12:45 CEST 2007
Alan DeKok wrote:
>
> That is the easiest method.
>
Ok, I've had a look at your Deploying Radius site and that compatibility
table. I haven't seen it before. I guess ntlm_auth can do it too. And we
could add a pre-calculated digest hash for those VoIP dudes. We will try
all that.
>
> You can enforce SSL access to the LDAP server, which will secure the
> passwords on the wire. You can add filter lists on the LDAP server to
> prevent anyone else from reading the clear-text password.
>
But if somebody manages to break into your LDAP server that won't help
you. Of course, somebody can break into your RADIUS server too, but, at
least in our case, the RADIUS server is easier to protect (no operators
updating the database and no unknown clients connecting to it). IMHO
it's better to avoid plain-text passwords, but, if you really need them,
the whole system security will be stronger (or less weak) with that
asymmetric ciphering than without it.
> Yes.
lol
Well, it wouldn't surprise me.
Javier