[CoovaChilli] Is clear text over TLS supported?

Nemesis nemesis at ninux.org
Thu Dec 14 15:59:10 GMT 2017


Hi everyone,

we have a scenario in which freeradius 3 is configured to authenticate
users via a RESTful API (using the rlm_rest module), the password gets
to freeradius in clear text over TLS and freeradius forwards it to the
API still in clear text using HTTPS, the password are stored in the
database with a strong algorithm (PBKDF2) using the django framework.

The code of this implementation is open source but still unreleased:
https://github.com/openwisp/django-freeradius

We use this kind of setup with PfSense, but I'm looking for alternatives
that can be used on OpenWRT/LEDE without the need of having a
centralized captive portal.

While trying coova-chilli, I realized passwords can be sent to radius
using one of these:

pap, mschapv2 or chap

Is there a way to send the password in clear text?

I tried also setting uamsecret to empty string but to no effect.

The best would be to have it sent in clear text over TLS.

Is anything like this possible at all?

Best regards
Federico


More information about the CoovaChilli mailing list