currently I am trying to set up privacyIDEA to secure web services with 2-factor authentication (combined with SSO). To do this, we use a FortiWeb that supports the common protocols from PAP to MSCHAPv2 to communicate with a RADIUS server. After some research I came to the conclusion that privacyIDEA or the corresponding FreeRADIUS module only supports PAP, which actually seems a bit unsafe to me… But since I can’t imagine that you simply have to accept to transmit passwords in clear text at this point, I would like to ask if there are other ways to secure the communication between the involved components? Or best practices in such a situation?
Thanks for suggestions in advance