Authentication problems depending on connection type

Stefan Paetow Stefan.Paetow at ja.net
Fri Oct 24 20:01:41 CEST 2014


> I was under the impression that, with EAP, it encapsulates the password in the EAP transmission.
> If I can only do EAP, then that means it can never send it in the clear.  Which means, if I want to send
> the radius server the password in the clear (since it's OTP) what I am doing can't be done.  Is this correct?

Alex, 

When you receive an EAP access request, FreeRADIUS will pass the request on to the 'inner-tunnel' server (defined in /etc/raddb/sites-available/inner-tunnel). If you have an OTP server, you can then proxy the inner tunnel request to the OTP server. Of course, you then lose any of the protection that EAP-TTLS provides, but then again, if you're using PAP only, all bets are off anyway.

Stefan Paetow
Moonshot Industry & Research Liaison Coordinator

t: +44 (0)1235 822 125
gpg: 0x3FCE5142
xmpp: stefanp at jabber.dev.ja.net
skype: stefan.paetow.janet

Janet, the UK's research and education network.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
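
The routing described in the reply above, sketched as a FreeRADIUS configuration fragment. This is an added example, not configuration from the original message or from the FreeRADIUS project; the realm name `otp`, the home server and pool names, the address 192.0.2.10 and the shared secret are placeholders chosen for illustration.

```conf
# --- proxy.conf: define the OTP server as a proxy target ---
# All names, the address and the secret below are placeholders.
home_server otp_server {
        type   = auth
        ipaddr = 192.0.2.10        # documentation address, replace with the OTP server
        port   = 1812
        secret = CHANGE_ME         # RADIUS shared secret for this hop
}

home_server_pool otp_pool {
        type        = fail-over
        home_server = otp_server
}

realm otp {
        auth_pool = otp_pool
        nostrip                    # forward User-Name unchanged
}

# --- sites-available/inner-tunnel: send the tunnelled request onward ---
# By the time a request reaches this virtual server, the EAP-TTLS outer
# layer has been removed and the inner PAP request (User-Name plus
# User-Password) is available to be proxied.
authorize {
        update control {
                Proxy-To-Realm := "otp"
        }
}

# Caveat matching the reply: once proxied, the inner request is an
# ordinary RADIUS packet. The TLS tunnel ends at this server, so the
# hop to the OTP server is covered only by standard RADIUS
# User-Password hiding with the shared secret above. Use a long random
# secret and keep that hop on a trusted or separately protected network.
```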