Is it possible to use CHAP authentication with pam_radius?
Dan Swartzendruber
dswartz at druber.com
Thu Sep 26 21:44:45 CEST 2019
On 2019-09-26 15:06, Alan DeKok wrote:
> n Sep 26, 2019, at 2:29 PM, Dan Swartzendruber <dswartz at druber.com>
> wrote:
>>
>> On 2019-09-26 14:18, Alan DeKok wrote:
>>> On Sep 26, 2019, at 2:11 PM, Dan Swartzendruber <dswartz at druber.com>
>>> wrote:
>>>> No argument here. Unfortunately, some of our customers are
>>>> anal-retentive and have security compliance audits run, and having
>>>> cleartext passwords is going to be problematic.
>>> The passwords aren't clear-text. They're encrypted on the wire.
>>> Just like PAP.
>>
>> I thought I had seen criticisms that it the encryption wasn't that
>> strong. Maybe I misunderstood...
>
> Yes. Lots of people have criticized it. Mainly people who know
> nothing about nothing.
>
> The encryption scheme is best described as "wonky". But no one has
> managed to crack it. Anyone who says otherwise is lying.
>
> If it had been cracked, you would see it on international news.
> Every ISP and switch manufacturer would be frantically upgrading.
Good to know, thanks for setting me straight. I'm going to let sleeping
dogs lie :)
More information about the Freeradius-Users
mailing list