Hi,
Apologizes if this question is to "newbie", but i recently thought about
Radius security when using proxy.
Considering we are using an EAP-TTLS method, based on LDAP
authentication inside inner-tunnel (finally with PAP auth a the end).
When a client tries an auth, encryption is done by the server only,
encoding datas into a TLS tunnels initiated by the server. So login and
password are "hidden" into this tunnel.
But when using this method through a proxy way, wher eis data encryption ?
Ex :
First i a direct connexion :
Client (EAP-TTLS) => Tunnel (TLS) => Radius Server
Then with proxy :
Client (EAP-TTLS) => ? => Proxy Radius Server => ? => Radius
BR,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
