Verschlüsselte Übertragung von Passwörtern

Marius.Meisner marius.meisner at googlemail.com
Fri Feb 11 18:02:22 CET 2011


Hi Alan,

thx for your quick reply.

Am 11.02.2011 17:14, schrieb Alan DeKok:
> Marius.Meisner wrote:
>> Which encryption is used - or is the shared secret meant? 
> 
>   Read RFC 2865.  This is the FreeRADIUS list, and not really a place
> for generic "how does RADIUS work" questions.

Sorry for taken your time. Its not only a question how radius works,
instead of how to configure freeradius to a higher level of security.
Moreover I have read the RFC 2865 and a lot of other stuff. Besides,
maybe I have also misunderstood something. In this respect I hold the
question, even if it is maybe put not very exactly for justified. There
is information about easy configuration examples numerously, as soon as
it goes, however, deeper, in my opinion the situation of information is
often weak.
> 
>> How may I
>> change the type of encryption to stronger ones?
> 
>   You can't.
>From which spring do you cover this information or where can I read up
in addition something?
> 
>> By documentation I found the hind to configure PAP-Options, but I havn't
>> found any explantation what options there are and how to use them. Can
>> anyone suggest a good source or howto?
> 
>   I have no idea what "PAP-Options" is.  I suggest asking whoever
> supplied you with that software, because it isn't part of FreeRADIUS.
Okay my fault of an imprecise question. In the radius.conf, also, by the
way, contain in freeradius there ist the following part.
     # PAP module to authenticate users based on their stored password
     #
     #  Supports multiple encryption/hash schemes.  See "man pap"
     #  for details.
     #
     #  The "auto_header" configuration item can be set to "yes".
     #  In this case, the module will look inside of the User-Password
     #  attribute for the headers {crypt}, {clear}, etc., and will
     #  automatically create the attribute on the right-hand side,
     #  with the correct value.  It will also automatically handle
     #  Base-64 encoded data, hex strings, and binary data.
     pap {
             auto_header = no
     }
Man pap hasn't work so far. In the meantime, I have found further
information moreover.
(http://manpages.ubuntu.com/manpages/hardy/man5/rlm_pap.5.html)

Greets

MM





More information about the Freeradius-Users mailing list