(RADIATOR) password encryption and proxying to iPass
Hugh Irvine
hugh at open.com.au
Thu Nov 7 01:08:14 CST 2002
Hello Dave -
Actually, you will see the decoded password if PAP is being used.
You will not see it for CHAP.
regards
Hugh
On Thursday, November 7, 2002, at 06:22 AM, Dave Kitabjian wrote:
> I just observed something, but maybe someone can tell me if I'm right
> or confused...
>
> I just noticed that foreign iPass users hitchhiking on our network
> (aka, "iPass outbound") are showing up in our Authentication Log,
> complete with clear text passwords.
>
> Now, I know this info is MD5 encrypted between the NAS and Radiator,
> and then later it's encrypted between the local outbound iPass server
> and the central iPass network via a proprietary iPass protocol. But I
> guess internal to Radiator it's inevitable that the passwords be
> available in clear text? Or maybe it's only necessary for CHAP, but
> PAP can store the p/w encrypted so it's NEVER in cleartext?
>
> Thanks all,
>
> Dave
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1748 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20021107/c4a28c49/attachment.bin>
More information about the radiator
mailing list