Re: Heads Up

Carl Rigney ((no email))
Mon, 21 Jul 1997 02:53:26 -0700 (PDT)

>> Note that while the current implementation of Livingston's RADIUS server
>> and ComOS use ASCII secrets for administrative convenience, the
>
>It would be a good idea to store the password *crypted* in the clients
>file, in case a hacker (tm) gets access to the RADIUS server... Any
>hacks for the source available?

Encrypting the shared secrets in the clients file doesn't do you any
good. You need it in cleartext to perform the MD5 authentication,
so if you encrypt it you also have to store the key somewhere on the system
(or fetch it from somewhere using some secure protocol), and if the bad
guy has root permission to read your clients file, he has those too.

The bottom line is this: If the bad guy has root permissions on your
authentication server, you lose big. So protect your RADIUS server
host by taking proper security precautions.

--
Carl Rigney
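Why the server must hold the shared secret in cleartext, shown as an added Python example (it is not code from the original thread or from Livingston; the secret, Request Authenticator and password below are constructed values). RFC 2865 feeds the shared secret into MD5 twice: the NAS hides User-Password by XORing it with MD5(secret + Request Authenticator), and the server proves its reply with Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret). A server that stored only a one-way hash of the secret could neither recover the password nor produce a reply the NAS accepts, which is the point made above.

```python
import hashlib
import hmac
import struct

# All values below are constructed for this example; they are not taken from the thread.
SHARED_SECRET = b"example-secret"          # what the clients file has to hold in cleartext
REQUEST_AUTHENTICATOR = bytes(range(16))    # a NAS would send 16 random bytes per request


def hide_user_password(password: bytes, request_authenticator: bytes, secret: bytes) -> bytes:
    """RFC 2865 5.2: pad the password to 16-byte blocks, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    n_blocks = max(1, (len(password) + 15) // 16)
    padded = password.ljust(16 * n_blocks, b"\x00")
    hidden = b""
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block
    return hidden


def reveal_user_password(hidden: bytes, request_authenticator: bytes, secret: bytes) -> bytes:
    """Inverse of hide_user_password: what the RADIUS server does on receipt.
    It only yields the password when given the same cleartext secret the NAS used."""
    password = b""
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        password += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return password.rstrip(b"\x00")


def response_authenticator(code: int, ident: int, attributes: bytes,
                           request_authenticator: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_authenticator + attributes + secret).digest()


def build_access_accept(ident: int, request_authenticator: bytes, secret: bytes,
                        attributes: bytes = b"") -> bytes:
    """Server side: an Access-Accept (code 2) whose authenticator the NAS will check."""
    code = 2
    auth = response_authenticator(code, ident, attributes, request_authenticator, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + auth + attributes


def verify_response(packet: bytes, request_authenticator: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator with the shared secret and compare."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attributes = packet[20:length]
    expected = response_authenticator(code, ident, attributes, request_authenticator, secret)
    return hmac.compare_digest(expected, packet[4:20])


def demo(password: bytes = b"hunter2") -> dict:
    """Run both operations with the cleartext secret, then with a stand-in for a
    'crypted' clients-file entry (here simply MD5 of the secret); the hash works for neither."""
    crypted_stand_in = hashlib.md5(SHARED_SECRET).digest()
    hidden = hide_user_password(password, REQUEST_AUTHENTICATOR, SHARED_SECRET)
    accept = build_access_accept(7, REQUEST_AUTHENTICATOR, SHARED_SECRET)
    return {
        "password_recovered_with_secret":
            reveal_user_password(hidden, REQUEST_AUTHENTICATOR, SHARED_SECRET) == password,
        "password_recovered_with_hash":
            reveal_user_password(hidden, REQUEST_AUTHENTICATOR, crypted_stand_in) == password,
        "response_valid_with_secret":
            verify_response(accept, REQUEST_AUTHENTICATOR, SHARED_SECRET),
        "response_built_with_hash_valid":
            verify_response(build_access_accept(7, REQUEST_AUTHENTICATOR, crypted_stand_in),
                            REQUEST_AUTHENTICATOR, SHARED_SECRET),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the script prints True for the two cleartext-secret cases and False for the two hash cases: the secret is a symmetric key, so whatever form the server keeps it in must be reversible to the bytes the NAS uses, and anyone who can read the clients file as root can read the reversing key just as easily.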