Chuck Slate <[EMAIL PROTECTED]> wrote: > I have always read and been told that PAP is insecure because it > transmits passwords in clear text. However, If I sniff the communication > between my NAS and server when PAP is used, the password is indeed > obfuscated. It appears to be hashed.
Yes. The passwords are NOT transmitted in the clear. Many, many, people are confused about that. > 2) If so, is it the shared secret defined in the clients.conf file that > is used as a key for the hash? Yes. See the RFC's for how. > As you can see, I am looking for some basic info about the flow of the > connection. I have taken an honest shot at RTFM, but have not come > across these details yet. Can someone please explain or point me to an > explanation? The O'Reilly RADIUS book has a good introduction to this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html