Hi Stefan,
> Why send clear text passwords over the net at all?
> I.e., why don't you simply use CHAP or a similar
> protocol?

The problem is end-to-end security in a proxy chaining environment. Whatever the protocol may be (CHAP or any EAP method), the proxy server can see the password, since it possesses the shared secret key together with the RADIUS server residing one hop before and after itself. So there is a threat of theft of the password. In order to overcome this threat we planned to use public key cryptography, as explained in the previous email.

        (request)          (request)          (request)
    NAS ----------> Proxy1 ----------> Proxy2 ----------> Home
         (reply)            (reply)            (reply)    Server
        <---------         <---------         <---------

To make it more clear, let's take the help of the above figure. Here proxy1 and proxy2 are a threat to the user password because both of these proxies can decrypt the password field and see the password in clear text.

Thanks in advance,
Tahseen.
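
The hop-by-hop exposure described in the message above, shown for the User-Password attribute as hidden per RFC 2865 section 5.2. This is an added example, not part of the original email; the shared secrets, the password and the function names are constructed for illustration, and each hop is assumed to use a fresh Request Authenticator.

```python
import hashlib
import os


def _xor_chain(data, secret, authenticator, decrypt):
    # RFC 2865 5.2: b(i) = MD5(secret + previous ciphertext block),
    # with the Request Authenticator standing in for the first block.
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        x = bytes(a ^ b for a, b in zip(block, key))
        out += x
        prev = block if decrypt else x  # always chain on the ciphertext
    return out


def hide_password(password, secret, authenticator):
    # Pad with NULs to a multiple of 16 octets (at least one block).
    blocks = max(1, -(-len(password) // 16))
    padded = password.ljust(blocks * 16, b"\x00")
    return _xor_chain(padded, secret, authenticator, decrypt=False)


def reveal_password(hidden, secret, authenticator):
    clear = _xor_chain(hidden, secret, authenticator, decrypt=True)
    return clear.rstrip(b"\x00")


def simulate_chain(password, hop_secrets):
    """hop_secrets[i] is the secret shared across hop i of
    NAS -> Proxy1 -> Proxy2 -> Home Server (constructed values).
    Returns the cleartext each receiving node recovers."""
    auth = os.urandom(16)
    hidden = hide_password(password, hop_secrets[0], auth)
    seen = []
    for i, secret_in in enumerate(hop_secrets):
        clear = reveal_password(hidden, secret_in, auth)
        seen.append(clear)
        if i + 1 < len(hop_secrets):
            # A proxy re-hides the password for the next hop, so it
            # necessarily handles the cleartext in between.
            auth = os.urandom(16)
            hidden = hide_password(clear, hop_secrets[i + 1], auth)
    return seen


if __name__ == "__main__":
    nodes = ["Proxy1", "Proxy2", "Home Server"]
    secrets_ = [b"nas-proxy1", b"proxy1-proxy2", b"proxy2-home"]
    for node, pw in zip(nodes, simulate_chain(b"user-password", secrets_)):
        print(f"{node} recovers: {pw!r}")
```
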