Hello,
I use EAP-TTLS with PAP in my radius proxy infrastructure.
The problem is that with option
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
passwords are logged on the intermediate radius servers and also on the
final
hub radius server since I have a tree radius server infrastructure
sparse into Italy.
How to solve this problem ?
I cannot use EAP-MD5 or MSCHAPv2 inside the TLS tunnel since users passwords
are on an encrypted database (unix passwords or kerberos passwords).
Anyone has a solution for this ?
I would like to prevent the possibility of the password being logged on
the intermediate
radius servers.
thanks
Riccardo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
