attribute value length limit

Fco. Javier Melero javier at
Mon Oct 1 13:12:45 CEST 2007

Alan DeKok escribió:
>   That is the easiest method.
Ok, I've had a look at your Deploying Radius site and that compatibility 
table. I haven´t seen it before. I guess ntlm_auth can do it too. And we 
could add a pre-calculated digest hash for those VoIP dudes. We will try 
all that.
>   You can enforce SSL access to the LDAP server, which will secure the
> passwords on the wire.  You can add filter lists on the LDAP server to
> prevent anyone else from reading the clear-text password.
But if somebody manages to break into your LDAP server that won't help 
you.Of course, somebody can break into your RADIUS server too, but, at 
least in our case, the RADIUS server is easier to protect (no operators 
updating the database and not unknown clients connecting to it). IMHO 
It's better to avoid plain-text passwords, but, if you really need them, 
the whole system security will be stronger (or less weak) with that 
asymmetric ciphering than without it.

> Yes.
Well, It wouldn't surprise me.


More information about the Freeradius-Users mailing list