Oliver Elliott wrote:
> I had a look into this and as far as I could tell, the conversation
> between the switch and the radius server was not encrypted unless you
> use TACACS. Does anyone know if this conversation can be encrypted while
> using Freeradius, as otherwise the domain login details are presumably
> being sent over the network in clear text?

RADIUS passwords are always encrypted.

If you want a "real" TACACS+ server, add TACACS+ support to FreeRADIUS. It isn't hard. i.e. probably ~2K LoC. But I haven't had the incentive to do it yet.

After that, maybe ARP. I've been looking at the "arpwatch" programs, and none of them talk to databases. <sigh>

Alan DeKok.
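What that protection covers on the wire, as an added example that is not part of the original post or of FreeRADIUS: RFC 2865 section 5.2 hides the User-Password attribute by XORing it with an MD5 chain keyed by the shared secret and the Request Authenticator, while the packet header and attributes such as User-Name are sent as-is. The secret, user name, password, identifier and authenticator below are constructed sample values.

```python
import hashlib
import struct

def _mask(secret: bytes, prev: bytes) -> bytes:
    # One 16-octet keystream block: MD5(shared secret + previous block).
    return hashlib.md5(secret + prev).digest()

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding, as done by the NAS (the switch)."""
    if len(authenticator) != 16 or len(password) > 128:
        raise ValueError("need a 16-octet authenticator and a password of at most 128 octets")
    # Pad with NULs to a multiple of 16 octets (at least one block).
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each hidden block becomes the MD5 input for the next block's mask.
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the RADIUS server does: rebuild the same mask chain from the shared secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return clear.rstrip(b"\x00")  # strip the NUL padding

def build_access_request(identifier: int, authenticator: bytes, user: bytes,
                         password: bytes, secret: bytes) -> bytes:
    """Minimal Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = b""
    for attr_type, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values; a real client uses a random 16-octet authenticator.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))
PACKET = build_access_request(7, AUTHENTICATOR, b"alice", b"a-long-domain-password", SECRET)

if __name__ == "__main__":
    print(PACKET.hex())
```
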

