proxy incoming PAP request as outgoing PEAP/TTLS requests
Herwin Weststrate
herwin at quarantainenet.nl
Mon Sep 21 16:12:04 CEST 2015
On 21-09-15 11:21, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
> oh , it is. if the worry is the insecurity of PAP being sent
> upstream, then make the upstream connection a RADSEC connection.
Another use case I could think of is that the remote RADIUS server does
not accept PAP authentications. I remember that the Microsoft RADIUS
(NPS?) did only accept PEAP by default, it could be configured to accept
MSCHAPv2 as well, but I don't remember we ever could make it to accept
PAP. But I don't think this is the reason here, since it doesn't accept
TTLS.
--
Herwin Weststrate
More information about the Freeradius-Users
mailing list