Hello Dave -
Actually, you will see the decoded password if PAP is being used.
You will not see it for CHAP.
regards
Hugh
On Thursday, November 7, 2002, at 06:22 AM, Dave Kitabjian wrote:
I just observed something, but maybe someone can tell me if I'm right or confused...
I just noticed that foreign iPass users hitchhiking on our network (aka, "iPass outbound") are showing up in our Authentication Log, complete with clear text passwords.
Now, I know this info is MD5 encrypted between the NAS and Radiator, and then later it's encrypted between the local outbound iPass server and the central iPass network via a proprietary iPass protocol. But I guess internal to Radiator it's inevitable that the passwords be available in clear text? Or maybe it's only necessary for CHAP, but PAP can store the p/w encrypted so it's NEVER in cleartext?
Thanks all,
Dave
NB: I am travelling this week, so there may be delays in our correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.