About Radius security
Emmanuel BILLOT ACAD
emmanuel.billot at ac-orleans-tours.fr
Sat Dec 1 22:44:37 CET 2012
Apologizes if this question is to "newbie", but i recently thought about
Radius security when using proxy.
Considering we are using an EAP-TTLS method, based on LDAP
authentication inside inner-tunnel (finally with PAP auth a the end).
When a client tries an auth, encryption is done by the server only,
encoding datas into a TLS tunnels initiated by the server. So login and
password are "hidden" into this tunnel.
But when using this method through a proxy way, wher eis data encryption ?
First i a direct connexion :
Client (EAP-TTLS) => Tunnel (TLS) => Radius Server
Then with proxy :
Client (EAP-TTLS) => ? => Proxy Radius Server => ? => Radius
More information about the Freeradius-Users