About Radius security

Emmanuel BILLOT ACAD emmanuel.billot at ac-orleans-tours.fr
Sat Dec 1 22:44:37 CET 2012


Apologizes if this question is to "newbie", but i recently thought about 
Radius security when using proxy.
Considering we are using an EAP-TTLS method, based on LDAP 
authentication inside inner-tunnel (finally with PAP auth a the end).

When a client tries an auth, encryption is done by the server only, 
encoding datas into a TLS tunnels initiated by the server. So login and 
password are "hidden" into this tunnel.

But when using this method through a proxy way, wher eis data encryption ?

Ex :

First i a direct connexion :
Client (EAP-TTLS) => Tunnel (TLS) => Radius Server

Then with proxy :
Client (EAP-TTLS) => ? => Proxy Radius Server => ? => Radius


More information about the Freeradius-Users mailing list