AES encrypted passwords

Dom Latter freeradius-users at latter.org
Fri Sep 30 12:09:34 CEST 2016



On 29/09/16 17:57, Bogdan Rudas via Freeradius-Users wrote:
> Hello Dom,
>
> Why don't you go with EAP-TTLS+PAP ? Plain-text password transferred over
> TLS-secured channel let you use any hashing algorithm you want in your

As far as I can work out, out-of-the-box support for this protocol only
arrived for most things in about 2010.  We'll have quite a lot of users
still using machines older than that.  I suspect that for commercial
reasons, it's not an option.  I can ask.

 > database. Sure, you have to pay attention for proper device
 > configuration with your CA certificate.

Do you mean a certificate needs to go on the device?

I have had a look at this:
http://cloudessa.com/tips-and-tricks/how-to-setup-eap-ttls-with-inner-pap-authentication-protocol-on-mac-os/
for example and it does not look like a certificate *needs* installing.

thanks for your suggestion.

(Apologies for my mailer dropping my real name from my previous post:
  don't know why it did that).


More information about the Freeradius-Users mailing list