attribute value length limit

Alan DeKok aland at deployingradius.com
Fri Sep 28 17:20:32 CEST 2007


Fco. Javier Melero wrote:
> Maybe some context will help. What we are trying to do is implement an
> 802.1x wireless LAN which can allow multiple EAP methods under the same
> SSID. If you want TTLS/PAP and PEAP/MSCHAP working together the only way
> is to use clear text passwords (or I think so).

  That is the easiest method.

> In our scenario, which
> is only a test so far, there will be no applications using this
> attribute. Radius server will be the only one which will have the
> private key, and hopefully keeping it as safe as we could the whole
> system will have a reasonable security.

  You can enforce SSL access to the LDAP server, which will secure the
passwords on the wire.  You can add filter lists on the LDAP server to
prevent anyone else from reading the clear-text password.

> Are we driving ourselves insane? Tell me the truth ;-)

  Yes.

  Alan DeKok.
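
The two LDAP-side controls suggested in the reply above (SSL-only access and an access list on the clear-text password), sketched as a slapd.conf fragment. This is an added example, not part of the original post; it assumes the directory is OpenLDAP, that the password is stored in userPassword, and that the RADIUS server binds as cn=radius,dc=example,dc=com. All three are placeholders to adapt.

```conf
# slapd.conf fragment (added example; DNs and attribute name are assumptions)

# Refuse any operation on a connection that is not protected by
# TLS/SSL of at least 128-bit strength, so passwords never cross
# the wire in the clear.
security ssf=128

# Only the RADIUS server's bind DN may read the clear-text password,
# and only over a protected connection. Users may change their own
# password, anonymous clients may only use the value to authenticate
# (bind), and everyone else gets nothing.
access to attrs=userPassword
    by dn.exact="cn=radius,dc=example,dc=com" ssf=128 read
    by self write
    by anonymous auth
    by * none

# Remaining attributes: readable by authenticated users only.
access to *
    by users read
    by * none
```

The first matching "access to" clause wins, so the userPassword rule has to stay above the catch-all rule.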



