Of accounting data and security
Alan DeKok
aland at deployingradius.com
Mon Aug 9 23:14:31 CEST 2010
Natr Brazell wrote:
> Wasn't suggesting I'd use TACACS+. I am in the process of replacing my
> customers existing TACACS+ architecture however they keep coming back to
> the ability of TACACS+ over Radius to secure, or rather, not send
> accounting data across the network in the clear. (I assume this is the
> case) I think I'm going to have to address this over and over again.
The accounting data is sent in the clear on a LAN. This shouldn't be
a problem.
If you're sending accounting data across the Internet, use IPSec.
Don't even pretend to use anything else. RADIUS (and TACACS+) security
is simply not as good as IPSec.
Alan DeKok.
More information about the Freeradius-Users
mailing list