Personally, I'd rather not have all of my user's passwords stored in plain text on my radius server, but we all have our ideas of what constitutes 'secure'..... Why not compromise and set up a vpn between your NAS and radius server so even PAP is encrypted?
On Monday 04 March 2002 19:58, you wrote: > On Mon, 2002-03-04 at 21:56, Eric Dean wrote: > > My experience is that the user will call up and complain about having an > > email problem when in fact there is a problem with PAP. > > YES, I love customers calling me :). Now, tell me how you can do it, > please, please, please. :) > Really, We think that we don't want PAP authentication allowed in a > wireless link. > > > On Mon, 4 Mar 2002, Frank Cusack wrote: > > > Yeah, but at least the user only tries the one time. They then learn > > > they need to use CHAP. The better fix is indeed to have the NAS deny > > > PAP, but doing it at the RADIUS server still has some benefit. > > > > > > /fc > > > > > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty > > > > useless to have the radius server not authenticate because it's > > > > already been sent. > > > > > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > > > I have a wireless network. I want that my customers only > > > > > > authenticate through CHAP (don't want passwords flying in the > > > > > > sky), so, all PAP request will deny access. > > > > > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
