Are passwords ever transmitted in clear-text?

coreybrett · 06-30-2010, 08:06 PM

What type of connection does the Directory Connector use when connecting to an AD server? Is it secure? Are passwords ever transmitted in clear-text?

sky-knight · 06-30-2010, 08:48 PM

Untangle never does any authentication. The only thing the connector does is ask for a list of users. So there never is a password to transmit, other than potentially the admin password... but Microsoft won't allow you to authenticate against AD for anything without encrypting the session.

mrunkel · 07-01-2010, 01:10 AM

It does do authentication if you're using captive portal.

In that case, passwords are sent in the clear on the internal network.

sky-knight · 07-01-2010, 02:22 AM

Hmm sorry about that bit of misinformation on my part. Captive Portal is a new feature, and I utterly blitzed it.

coreybrett · 07-01-2010, 05:24 AM

So would RADIUS be a better choice then? What advantages would AD have over RADIUS? Captive Portal is the only thing I am looking to implement.

coreybrett · 07-09-2010, 08:26 AM

proactivens · 07-09-2010, 09:24 AM

radius allows for user authentication. AD connector allows for group authentication (utilizing ad groups). Thats about it.

06-30-2010, 08:06 PM	#1 (permalink)
coreybrett Untangler Join Date: Apr 2009 Posts: 59	Are passwords ever transmitted in clear-text? What type of connection does the Directory Connector use when connecting to an AD server? Is it secure? Are passwords ever transmitted in clear-text?

06-30-2010, 08:48 PM	#2 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	Untangle never does any authentication. The only thing the connector does is ask for a list of users. So there never is a password to transmit, other than potentially the admin password... but Microsoft won't allow you to authenticate against AD for anything without encrypting the session. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

07-01-2010, 01:10 AM	#3 (permalink)
mrunkel Join Date: Jul 2008 Posts: 2,766	It does do authentication if you're using captive portal. In that case, passwords are sent in the clear on the internal network. __________________ m. Big Frickin Disclaimer: While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions. It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one. Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself. If you need Untangle support please call or email support@untangle.com

07-01-2010, 02:22 AM	#4 (permalink)
sky-knight Join Date: Apr 2008 Location: Phoenix, AZ URLs submitted: 8 Posts: 15,454	Hmm sorry about that bit of misinformation on my part. Captive Portal is a new feature, and I utterly blitzed it. __________________ Rob Sandling, BS:SWE, MCP Intouch Technology Phone: 480-272-9889 rob@intouchtechllc.com UntangleAppliances.com Phone: 866-794-8879

07-09-2010, 08:26 AM	#6 (permalink)
coreybrett Untangler Join Date: Apr 2009 Posts: 59	bump

Protect

Filter

Perform

Connect

Manage

Add-Ons

07-01-2010, 05:24 AM	#5 (permalink)
coreybrett Untangler Join Date: Apr 2009 Posts: 59	So would RADIUS be a better choice then? What advantages would AD have over RADIUS? Captive Portal is the only thing I am looking to implement.

07-09-2010, 09:24 AM	#7 (permalink)
proactivens Join Date: Sep 2008 Location: Greensburg, Pa Posts: 2,307	radius allows for user authentication. AD connector allows for group authentication (utilizing ad groups). Thats about it. __________________ www.untangleappliances.com Toll Free: 866-794-8879 UNTANGLE PLATINUM PARTNER Follow us at spiceworks!