Score:0

Is Okta's RADIUS agent using PAP considered secure?

it flag
Bob

Okta RADIUS only supports PAP-based authentication, which OpenVPN Access Server supports. Can someone help me understand how this makes any amount of sense??? (both how Okta can justify implementing this and how OpenVPN can support this?)

You would commonly see PAP used on ancient operating systems or legacy systems. And it’s very unusual to see PAP used by itself these days. That’s because PAP communicates in the clear. So there’s no encryption or any additional security of the information you’re sending using this Password Authentication Protocol.

As for thought around the point of having it set up with RADIUS in the first place, you would think that MFA would have to be mandatory since you are sending your credentials in the clear...however, that is not the case their documentation.

If MFA is not enabled and the user credentials are valid, the user is authenticated. If MFA is enabled and the user credentials are valid, the user is prompted to select a second authentication factor. The user selects one (e.g., Google Authenticator or Okta Verify) and obtains a request for a validation code. If the code sent back to the client is correct, the user gains access.

I saw reading through their documentation that Okta uses SSL pinning. Still, I fail to see how that would be helpful since the communicating VPN solution is not going to send this over in some sorted encapsulated format? (Or am I misunderstanding?)

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.