Tunnel TLS Authentication with PAP
Hi.. i have freeradius that uses LDAP authentication password in md5 format and have ubuntu client that users WPA supplicant with following details, Authentication : Tunneled TLS CA certificate : ca.pem Inner Authentication : PAP Then the username and password , because im using CA certificate(ca.pem) of the radius in the client side , server and client communication should be secure ...correct me if im worng.. i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text. Thank You john - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tunnel TLS Authentication with PAP
On 05/29/2012 09:49 AM, val john wrote: Hi.. i have freeradius that uses LDAP authentication password in md5 format and have ubuntu client that users WPA supplicant with following details, Authentication : Tunneled TLS CA certificate : ca.pem Inner Authentication : PAP Then the username and password , because im using CA certificate(ca.pem) of the radius in the client side , server and client communication should be secure ...correct me if im worng.. i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text. Of course, TLS encryptes/decryptes at the socket level, FreeRADIUS is seeing the data after it's read off the socket. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tunnel TLS Authentication with PAP
Hi, because im using CA� certificate(ca.pem) of the radius in the client side ,�� server and client communication should be secure ...correct me if im� worng.. yes, secure - well, so long as the client is configured to only trust that CA and the CN of the real RADIUS server i just want to know , is these details are secure to send password via network , because when i ran radius in debug mode i can see the password in clear text. you can read it in clear text because its the server! it KNOWS the password because 1) its PAP and 2) it HAS to know the password to be able to authenticate! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html