I hope this is not a totally stupid question. Suppose a user [EMAIL PROTECTED] wants to access the network at org-2 by authenticating at org-1 via the proxy mechanism. Suppose we want to use PAP-TTLS. It would seem natural that the proxying is done on the basis of the outer identity and the tunneled data is never revealed to the proxy server at org-2. Unfortunately our tests seem to show that the server at org-2 needs to get the user data, including the password. Is it possible to configure things in the secure way? Of course, the servers need to trust each other, but some trust is one thing and seeing passwords in plain text is another. I realise that other forms of authentication, which do not transmit passwords will not have that problem.
Yours Tomasz -- Tomasz M. Wolniewicz [EMAIL PROTECTED] http://www.uni.torun.pl/~twoln Uczelniane Centrum Informatyczne Information&Communication Technology Centre Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University, pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland tel: +48-56-611-2750 fax: +48-56-622-1850 tel kom.: +48-693-032-576 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html