Luis Daniel Lucio Quiroz schrieb:
> I rather preffer pap, you just only put on risk one
> account not everibody
Well, then you just shouldn't use (MS-)CHAP.
Note however that PAP is incompatible with
MS point-to-point-encryption.
Also note that getting access to the radius server
and reading the "client secrets" is enough to falsify
accept packets. (I.e. if you get the client secret, you
can try to login as whoever you want and send a
falsified accept message for the login attempt), so
CHAP doesn't seem to introduce a new risk, IMHO.
Regards,
Stefan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
