I had to ask; I have people telling me that this is a limitation of
only FreeRADIUS and not all RADIUS servers in general. There is a
concern that the UP is being stored in clear text in Novell and we
need to turn off that service and only use simple password. Since I
am no Novell admin, I really do not have a clue if we can encrypt the
UP that is stored on the server or what other implications there are
in turning off UP.
Jason Brown - RHCT, Security+, Linux+, Network+
Systems Administrator
Enterprise Technology Services
Ferris State University
(231) 591-2687
On Feb 5, 2009, at 1:48 AM, Alan DeKok wrote:
Jason C Brown wrote:
Do you by chance know if every RADIUS server acts the same way? For
instance would Steel Belted RADIUS require the use of UP as well?
Please read this explanation again:
The Novell password is not stored as an attribute unless Universal
password is enabled. It exists in eDirectory, can be created/modified by
ldap as userpassword but cannot be returned in an ldap search.
The password can't be seen by *any* RADIUS server until it's stored as
a Universal password.
This is a limitation of Novell's LDAP server, and applies to all LDAP
clients, whether they are RADIUS servers, command-line clients, web
servers, or anything else.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html