Hello,

I'm researching what it would take to have strong encryption of the channel between Linux client machines and a FreeRadius server. It looks like FreeRadius supports PEAP and EAP-TTLS.

Both these are supported by the Open 802.1x package; however, I am interested in using PEAP or EAP-TTLS to encrypt Unix login authentication requests, and not wireless connections to an access point. Looking at Open1x, it doesn't seem to be appropriate for this kind of application (does anyone else know better?).

I grepped through the source for the radius libraries that come with FreeRadius and didn't see anything related to PEAP or EAP-TTLS. Will the client libraries handle PEAP or EAP-TTLS? Are there any open source packages out there that can take care of this?

What we're looking to do is pass a cleartext password over a cryptographically secure Radius connection from Unix/Linux clients to a Radius server. Users will be trying to log in via ssh or on the console, and PAM is configured to go to Radius for authentication. The standard security for Radius has many critics, and we're trying to figure out how to appease the crypto-police.

Thanks for any help,
Steve