Agent Smith wrote: > I'd like to implement pam_radius module on some of our > Linux boxes but I am worried about password > (pam_radius can only do PAP) being captured and > misused since the radius server is at central office > and clients are all over the place.
Don't worry. > I read > (http://www.cisco.com/warp/public/480/10.html#comp_packet_encry) > that radius encrypts passwords using the secret key > between radius server and client, is this true with > FR? Yes. This is part of the protocol. > I suppose I can build some stun or openvpn tunnels > between linux clients and FR but before I go down that > road, I'd like to know if its necessary. It may still be a good idea, but that's for the future. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
