Hi, I have freeradius server using ldap DS for aaa. my radius supports vpn users and uses PAP. what is the best way for secure user_passwords in connection between ldap server to user?
> I have freeradius server using ldap DS for aaa. my radius supports vpn > users and uses PAP. > what is the best way for secure user_passwords in connection between > ldap server to user?If you''re authenticating against a RADIUS server, clients won''t be talking to LDAP directly at all. Any connection security (I''m assuming you''re talking about something like encryption here) would need to be done with your RADIUS server, and LDAP server<->client password security is a non-issue.
On Tue, Jun 17, 2008 at 1:37 PM, Zahra Bahar <zahra_bahar@ec.iut.ac.ir> wrote:> yes, but using PAP, passwords are sent as clear-text between radius server > and ldap ds and it is unsecure, Is it true?I guess for that you need to use SSL/TLS between radius server and DS http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL.html> > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
yes, but using PAP, passwords are sent as clear-text between radius server and ldap ds and it is unsecure, Is it true?
Zahra Bahar wrote:> yes, but using PAP, passwords are sent as clear-text> between radius server and ldap ds > and it is unsecure, Is it true? Which is why people who are worried about password security don''t use PAP alone - most Radius implementations (e.g. for wireless logins) use other protocols instead of or encapsulating PAP.