Using PEAP or EAP-TTLS on Linux/Unix without 802.1x?

2004-12-06 Thread Steve Chan
Hello, I'm researching what it would take to have strong encryption of the channel between Linux client machines and a FreeRadius server. It looks like FreeRadius supports PEAP and EAP-TTLS. Both these are supported by the Open 802.1x package, however I am interested in using PEAP or

Re: Using PEAP or EAP-TTLS on Linux/Unix without 802.1x?

2004-12-06 Thread Josh Howlett
Steve Chan wrote: What we're looking to do is pass a cleartext password over a cryptographically secure Radius connection from Unix/Linux clients to a Radius server. Users will be trying to log in via ssh or on the console, and PAM is configured to go to Radius for authentication. The

Re: Using PEAP or EAP-TTLS on Linux/Unix without 802.1x?

2004-12-06 Thread Steve Chan
Josh, Thanks for the reply. From Josh Howlett: The User-Password attribute is protected to a reasonable degree of security if you make the effort to generate (and protect) a "good" secret for your RADIUS peers. This generally satisfies the cryptowonks in the places

Re: Using PEAP or EAP-TTLS on Linux/Unix without 802.1x?

2004-12-06 Thread Alan DeKok
Steve Chan wrote: The problem is that for a large deployment (say, hundreds of client hosts), managing those secrets becomes an issue. If you share secrets then the compromise of 1 system reveals the secret for all systems sharing it; if you keep individual secrets, you