Re: Pam and radius

On Thu, 27 Feb 1997, Theodore Y. Ts'o wrote:

>    Date: Thu, 27 Feb 1997 14:55:52 -0500 (EST)
>    From: Greg Boehnlein <damin@seka.nacs.net>
>     We have a situation where it would be VERY VERY VERY nice to be able to
>       allow multiple shell machines to share a single RADIUS database for
>       authentication purposes. Is this possible?
> A Radius database may be useful for securing a terminal server, but last
> I looked at their security properties, I'm not sure I'd want to use it
> for securing shell machines on the network.  (The issue is that you can
> assume a terminal user doesn't yet have network access to attack the
> connection to the Radius database; this isn't true if you're trying to
> protect against an attacker logging into your machine from the network,
> since in that case the attacker already has network access, and can
> watch the network traffic between the shell machine and the Radius
> server.)

Maybe I don't understand RADIUS, but doesn't it send encrypted information
regarding the client session based on the "secret"?
      President of New Age Consulting Service, Inc.  Cleveland Ohio
             SLIP/PPP/Unix Shell   28.8k / ISDN / Leased Line
           http://www.nacs.net   info@nacs.net   (216)-524-8414

