topic Re: Password encryption when using RADIUS in General Topics

Password encryption when using RADIUS

Retired Member — Wed, 13 Apr 2011 18:50:04 GMT

I have looked through the RADIUS configuration guide located at https://live.paloaltonetworks.com/docs/DOC-1701, and I was wondering about the requirement to enable unencrypted PAP authentication. We are subject to PCI Data Security Standards compliance, and one of the requirements is that passwords never be transmitted in clear text across a network. Is there a way to use our Active Directory for authenticating admin access to the Palo Alto, without using unencrypted authentication?

Re: Password encryption when using RADIUS

kbrazil — Wed, 13 Apr 2011 22:45:06 GMT

Though the PAP authentication is not encrypted, the RADIUS protocol automatically encrypts passwords when communicating over the network. Since the PAP authentication happens within the context of RADIUS you should be fine.

Cheers,

Kelly

Re: Password encryption when using RADIUS

Retired Member — Thu, 14 Apr 2011 13:57:44 GMT

Excellent. Thanks for the clarification.