Is it possible to use CHAP authentication with pam_radius?
aland at deployingradius.com
Thu Sep 26 21:06:07 CEST 2019
n Sep 26, 2019, at 2:29 PM, Dan Swartzendruber <dswartz at druber.com> wrote:
> On 2019-09-26 14:18, Alan DeKok wrote:
>> On Sep 26, 2019, at 2:11 PM, Dan Swartzendruber <dswartz at druber.com> wrote:
>>> No argument here. Unfortunately, some of our customers are anal-retentive and have security compliance audits run, and having cleartext passwords is going to be problematic.
>> The passwords aren't clear-text. They're encrypted on the wire.
>> Just like PAP.
> I thought I had seen criticisms that it the encryption wasn't that strong. Maybe I misunderstood...
Yes. Lots of people have criticized it. Mainly people who know nothing about nothing.
The encryption scheme is best described as "wonky". But no one has managed to crack it. Anyone who says otherwise is lying.
If it had been cracked, you would see it on international news. Every ISP and switch manufacturer would be frantically upgrading.
More information about the Freeradius-Users