Password encryption when using RADIUS

L1 Bithead

Password encryption when using RADIUS

I have looked through the RADIUS configuration guide located at, and I was wondering about the requirement to enable unencrypted PAP authentication.  We are subject to PCI Data Security Standards compliance, and one of the requirements is that passwords never be transmitted in clear text across a network.  Is there a way to use our Active Directory for authenticating admin access to the Palo Alto, without using unencrypted authentication?

Tags (2)
L4 Transporter

Re: Password encryption when using RADIUS

Though the PAP authentication is not encrypted, the RADIUS protocol automatically encrypts passwords when communicating over the network.  Since the PAP authentication happens within the context of RADIUS you should be fine.



L1 Bithead

Re: Password encryption when using RADIUS

Excellent.  Thanks for the clarification.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!