[954] in linux-security and linux-alert archive
[linux-security] Radius
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Jul 25 04:38:46 1996
To: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Tue, 23 Jul 1996 13:20:40 EDT."
<Pine.LNX.3.94.960723131804.29884B-100000@wsb.champlain.edu>
Date: Wed, 24 Jul 1996 09:39:59 -0400
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
>
> On Mon, 22 Jul 1996, Eric M. Boyd wrote:
> > Everywhere I look security wise, people say to stay away from NIS because
> > it's very insecure, and that NIS+ isn't much better. Does anyone have any
> > suggestions as to a replacement to use?
>
> Is Radius a good answer here? I have heard stories of people using it as
> user auth for linux accounts as well as for portmasters.
The answer is "probably not". Unfortunately, Radius-like protocols provide
secure authentication only if one has access to a secure link from his/her
point of presence to a point of access controlled by Radius. Otherwise, the
link itself is vulnerable to passive attacks. Also, Radius-authenticated
connections are vulnerable to active attacks where an intruder waits for
the authentication process to be completed and then hijacks the connection.
Best wishes,
Alex