Network Appliance Authentication and FreeRadius Using MD5


Samuel Vange

Dec 12, 2016, 1:47:32 PM
to SIMP Q&A Forum
Hi All,

I just watched a talk that Trevor gave (https://www.youtube.com/watch?v=XLIBk03rcJo&index=3&list=WL) in which he mentioned that Radius requires MD5 (so it won't work on systems on which FIPS mode is enabled). Is this true? If so, is there some other (already developed) network appliance authentication solution like a SIMP TACACS+ module that will work on a FIPS mode enabled system?

Thank you.

Trevor Vaughan

Dec 12, 2016, 5:20:13 PM
to Samuel Vange, SIMP Q&A Forum
Hi Samuel,

This is 100% true as we found when we were trying to test freeradius and getting extremely confused.

At this time, the best that we can suggest is to have a small bastion VM that is not FIPS enabled that does the intermediary work.

I've heard that people have gotten TACACS+ solutions working but I have no idea if any of those systems were FIPS enabled.

If you figure out a good working solution, please share if you can. It's just one of those antiquated protocols that keeps on giving.

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc

-- This account not approved for unencrypted proprietary information --
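
Added example, not part of the thread and not SIMP or FreeRADIUS code: the two places where RFC 2865 hard-wires MD5 into RADIUS (User-Password hiding and the Response Authenticator), plus a probe for whether the local crypto policy still permits MD5. The secret, password and authenticator values are constructed samples, and the assumption is a Python build that defers to the system OpenSSL policy (as RHEL-family builds do), so a FIPS-mode host raises `ValueError` at the MD5 call.

```python
import hashlib

def md5(data: bytes) -> bytes:
    """MD5 as RFC 2865 uses it; raises ValueError where crypto policy blocks MD5."""
    return hashlib.new("md5", data).digest()

def md5_allowed() -> bool:
    """Probe whether this host can compute the digests RADIUS depends on."""
    try:
        md5(b"probe")
        return True
    except ValueError:
        return False

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-octet blocks with MD5(secret + previous block)."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1..128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], md5(secret + prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of section 5.2; the same MD5 keystream is required to recover it."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, md5(secret + prev)))
        prev = block
    return out.rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = bytes([code, ident]) + (20 + len(attrs)).to_bytes(2, "big")
    return md5(header + request_auth + attrs + secret)

if __name__ == "__main__":
    secret, req_auth = b"constructed-secret", bytes(range(16))  # constructed samples
    if not md5_allowed():
        print("MD5 blocked by crypto policy: RADIUS cannot run on this host")
    else:
        hidden = hide_password(b"constructed-pw", secret, req_auth)
        print("hidden User-Password:", hidden.hex())
        print("Access-Accept authenticator:",
              response_authenticator(2, 1, b"", req_auth, secret).hex())
```
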

Samuel Vange

Dec 12, 2016, 8:39:35 PM
to SIMP Q&A Forum, samue...@gmail.com
Thank you Trevor,

I will update this thread if we come up with an interesting solution.

