Lotus Notes Encryption
Stefan Winter
stefan.winter at restena.lu
Thu Aug 19 10:28:34 CEST 2010
Hi,
> It will mean that you will need to change your clients to get it
> working (installing a different supplicant rather than the standard
> windows one), and that the clients will talk to the access point over
> SSL (TTLS) but since it's using PAP the password is sent not hashed or
> encrypted. So then when the NAS (Wireless access point) talks to
> FreeRadius and sends the password not encrypted or hashed.
Uh, that last part is not true. The NAS doesn't see or transmit any
passwords in the clear. The TLS tunnel spans from the client to the
RADIUS server. The RADIUS server will then see the clear-text password,
*no one else*. It's a popular urban legend that TTLS sends clear text
passwords, but it's not true.
Stefan
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
More information about the Freeradius-Users
mailing list