Re: Authentication ?

Alan Cragg ( acragg@ctf.com )
Thu, 24 Apr 1997 14:11:11 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Josh Hillman: "Re: Radius 1.60 load error"
Next message: Robert McGuire: "RE: Protection fault"
Maybe in reply to: Greg Lowthian: "Authentication ?"
Next in thread: Dale E. Reed Jr.: "Re: Authentication ?"

On the point of authentication,

What is the best way to secure the user list if it is in a MS Access
Database. It is a system DSN if radius is installed as a service, correct?.
How accessible is this database to external users, by external I mean
anyone connected to the machine through the network by any protocol.

Also, if putting Winnt in as the password causes radius to lookup the
password in the NT database and then write an unencrypted copy into the
Radius database isn't this defeating the NT security somewhat. If the
person later changes his winnt password then this change won't reflect in
the Radius database, and vice-versa, which kind of makes the feature not so
useful.

Sorry if I'm babbling, but most authentication schemes use some kind of
encryption of the user list, but Radius seems to just leave everthing open
as clear text. Has this caused anybody concern or is there someother
safeguard that makes the Radius userlist safe.

Thanks to anyone who can clear this up for me.

Alan

At 06:39 PM 4/23/97 -0700, you wrote:
>Greg Lowthian wrote:
>>
>> I have two PM-3's remote from my Radius servers. Is it possible
to have a
>> secondary authentication server that will ignore username and password and
>> let anyone on if the link to the primary goes down for a short time. I
>> don't want to maintain two user databases.
>
>No. RadiusNT 2.2 will have failover upon ODBC failover in case of ODBC
>failure, though. This typically will be either an MS Access database,
>or
>users file.
>
>> On a second note has anyone figured out how to use the NT/SAM
bug to pull
>> username and passwords from an NT server.
>
>RadiusNT 1.19.00 has the ability to reverse them out on the fly. You
>add the
>users to ODBC and put "WINNT" as their password and enable the option.
>Whenever
>RadiusNT authenticates a user successfully (with PAP) it will then save
>the
>unencrypted password into the database, replacing the "WINNT".
>
>--
>Dale E. Reed Jr. (daler@iea.com)
>_________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.emerald.iea.com
>
> ----------------------------------------------------------
> RadiusNT Mailing List listserver@emerald.iea.com
>
>
---------------------------------------------------------------
R. Alan Cragg, B.Sc.
CTF Systems Inc. Ph: (604) 941-8561
15-1750 McLean Ave. Fax: (604) 941-8565
Port Coquitlam, B.C. email: acragg@ctf.com
Canada V3C 1M9 Web Page: http://www.ctf.com
----------------------------------------------------------------

Previous message: Josh Hillman: "Re: Radius 1.60 load error"
Next message: Robert McGuire: "RE: Protection fault"
Maybe in reply to: Greg Lowthian: "Authentication ?"
Next in thread: Dale E. Reed Jr.: "Re: Authentication ?"