Freeradius doesn't detect EAP when authenticating against MySQL
primoz
primski at gmail.com
Tue Oct 23 11:36:51 CEST 2007
Aah, I like the reverse psychology approach here, but I'm just trying to
gather information and knowledge from different sources.
Sorry for my newbiness, will dive into the documentation and decide whether
to use PAP or store passwords in clear text.
EAP_TTLS would work, but the Windows XP client doesn't support it, and I would
like to avoid installing an extra supplicant.
thanks for everybody's time...
greetz,
primski
On 10/23/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> primoz wrote:
> > And PAP is not a very safe and smart way to go, as I read it.
>
> PAP is fine for RADIUS.
>
> > So, crypted passwords are useful only in web applications?
>
> That's not at all what I said. I specifically mentioned Unix logins.
> Crypt'd passwords are useful only for PAP. There are many, many, kinds
> of systems using clear-text passwords (i.e. PAP) for authentication.
>
> > I read a lot
> > lately about, how one should never store passwords in clear text, I
> > guess that applies only to web apps.
>
> No. It's written by people who either don't understand security, OR
> aren't using EAP methods. Again, if all you're doing is PAP, then
> crypt'd passwords are OK. If you need EAP, you also need clear-text
> passwords.
>
> Stop trying to apply comments from web application "how-to's" to
> RADIUS. They're not the same, and the security analysis is not the same.
>
> > It is safe, sane, and common practice to store passwords in clear
> > text.
> >
> > I do not have much experience with this, in fact it's my first project on
> > the matter.
>
> Then why are you questioning the answers you get here?
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
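The distinction drawn in the reply above, between crypt'd passwords for PAP and clear-text passwords for EAP, shown as an added example that is not part of the original thread. It uses the RFC 1994 CHAP / EAP-MD5 response as one instance of a challenge-response method; the salted SHA-256 stand-in for crypt(), the function names and the sample password are assumptions.

```python
import hashlib
import hmac


def hash_password(password: bytes, salt: bytes) -> bytes:
    # Stand-in for a crypt(3)-style one-way hash (assumption: salted SHA-256,
    # chosen only to keep the example dependency-free).
    return hashlib.sha256(salt + password).digest()


def pap_verify(submitted: bytes, salt: bytes, stored_hash: bytes) -> bool:
    # PAP: the server receives the password itself, so it can re-hash the
    # submitted value and compare it with the stored one-way hash.
    return hmac.compare_digest(hash_password(submitted, salt), stored_hash)


def md5_challenge_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # CHAP / EAP-MD5 (RFC 1994): MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def challenge_verify(ident: int, challenge: bytes, response: bytes,
                     server_secret: bytes) -> bool:
    # The server must recompute the response from whatever it has stored.
    expected = md5_challenge_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"correct horse"      # constructed sample password
    salt = b"\x01" * 8               # constructed fixed salt
    stored_hash = hash_password(password, salt)
    ident, challenge = 7, bytes(range(16))  # constructed challenge
    # The client never sends the password, only the response to the challenge.
    response = md5_challenge_response(ident, password, challenge)
    return {
        "pap_with_hash": pap_verify(password, salt, stored_hash),
        "pap_wrong_password": pap_verify(b"wrong", salt, stored_hash),
        # Server holding the clear-text password can verify the response.
        "challenge_with_cleartext": challenge_verify(ident, challenge, response, password),
        # Server holding only the hash cannot reproduce the client's response.
        "challenge_with_hash": challenge_verify(ident, challenge, response, stored_hash),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```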