I hope this is not a totally stupid question. 
Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by
authenticating at org-1 via the proxy mechanism.
Suppose we want to use PAP-TTLS. 
It would seem natural that the proxying is done on the basis of the outer
identity and the tunneled data is never revealed to the proxy server
at org-2. Unfortunately our tests seem to show that the server at org-2 needs
to get the user data, including the password.
Is it possible to configure things in the secure way? Of course, the
servers need to trust each other, but some trust is one thing and seeing
passwords in plain text is another. I realise that other forms of
authentication, which do not transmit passwords, will not have that problem.

Yours
Tomasz

-- 
Tomasz M. Wolniewicz    
       [EMAIL PROTECTED]        http://www.uni.torun.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
