Hello list,
I'm using freeradius since 1 month. I'm running freeradius 2.1.9 on
fedora 13 with EAP-TTLS and PAP inside the tunnel. The users are
authenticated against OpenLDAP. Even if the password is cleartext
(PAP), it should be protected by the crypted tunnel. Then the first
question is:
Is this mechanism quite secure or do you suggest using another mechanism?
If I'm not wrong, there should be two different methods to get
authentication with LDAP as backend. The first is just pass the
credentials to the ldap server and try to authenticate. The second is
freeradius obtain the password from ldap, strip the header (i.e
{crypt} ), take the first two characters of the salt and use it to
crypt the password sent by the . If the two hash are the same, the
user is authenticated. In this case wich is the best method and how
the relevant files have to be modified? Should I modify also
ldap.attmap?
Thanks a lot.
Matteo
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
