Hi cornelinux,
thanks a lot for your really quick answer.
No, the password was only visible using radclient, which obviously doesn’t use EAP.
The following authentication methods for the remote identity would be at my disposal:
RSA signature:
Use of digital certificates with private RSA key and RSA signature scheme
ECDSA-256:
Elliptic Curve Digital Signature Algorithm (ECDSA) with SHA-256 on the P-256 curve
ECDSA-384:
ECDSA with SHA-384 on the P-384 curve
ECDSA-521:
ECDSA with SHA-512 on the P-521 curve
Digital signature:
Use of configurable authentication methods with digital certificates as per RFC 7427. This procedure is an extensible and flexible authentication technique that allows padding and hash algorithms to be configured freely.
EAP:
EAP can be used for any desired authentication method, e.g. TLS (authentication via certificate) or MSCHAP (authentication via user credentials).
Do you see any, which would work with privacyIDEA for my scenario?
Thanks a lot in advance
Best regards,
Florian