> > I'm trying to make a ssh authentication with pam_radius_auth + freeradius + > > ldap > > The problem is that radius is sending the password to ldap in clear and not > > crypted with CRYPT as configured in ldap module . > > Huh? pam_radius_auth sends the password to FreeRADIUS in the clear, > because that's what it does. FreeRADIUS sends this to LDAP because > LDAP doesn't understand anything else.
sending passwords in clear in a network is not secure . pam_radius_auth does have md5 crypting capabilities . that's why you need to set radius key . > > And there is NO configuration in the LDAP module to send the > password in crypted form. I think you're mistaking the configuration > that *reads* the password from LDAP for something else. auto_header = yes that means that it checks for encryption types . right now my passwords in LDAP are stored crypted . for cisco equipments works perfect . > > And in any case, you haven't said why it's a problem. LDAP gets a > clear-text password. So? That's how everyone else uses LDAP. Why is > this wrong for you? What problems does it cause? Using passwords in clear is a lack of security and I don't belive that everyone is doing that! > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html