Freeradius authentification against Kerberos
Alan DeKok
aland at deployingradius.com
Wed Jul 23 21:47:34 CEST 2014
Wang, Yu wrote:
> You can use third party plugins but I strongly discourage you to use
> EAP-TTLS with Kerberos/PAP because it has security holes.
Not really.
> We use
> FreeRadius and NTLM.
It's 2014. MS-CHAP is only slightly harder to crack than PAP.
> In searching more efficient method than NTLM, I
> looked into EAP-TTLS with Kerberos but a brother university network
> engineer showed me how a hacker could steal user passwords easily with
> EAP-TTLS/Kerberos. I completely abandoned the idea of using it.
Please enlighten me.
Alan DeKok.
More information about the Freeradius-Users
mailing list