AW: (RADIATOR) AuthBy External und CHAP

Hugh Irvine hugh at open.com.au
Thu Apr 4 17:41:55 CST 2002


Hello Burkhard -

Radiator handles both PAP and CHAP automatically. The difference is that PAP 
passwords can be decrypted and the resulting cleartext password is used to 
perform the same encryption as the encrypted password in the database and the 
two are compared. If there is a match, the passwords are the same. With CHAP 
however, only the encryption is sent and Radiator must perform the same 
encryption on the cleartext password from the database and again, if there is 
a mathc then the passwords must be the same.

It is the NAS that must be configured for either PAP or CHAP.

regards

Hugh


On Thu, 4 Apr 2002 20:18, Burkhard Bartelt wrote:
> Hello Hugh,
>
> we use an API in our external modul to access a SQL-Server Database. The
> passwords are encrypted in this DB. But we have to put a cleartext password
> as input to this API (a dll). The API handles the decryption of the
> cleartext password. I think, the authgeneric.pm handles the encryption of a
> CHAP password. But is does not work and no error occurs in the logfiles
> trace level 4.
>
> How can we configure, that RADIATOR only accept PAP Athentication?
>
> Thanks
> Burkhard.
>
> > -----Ursprüngliche Nachricht-----
> > Von: Hugh Irvine [mailto:hugh at open.com.au]
> > Gesendet: Donnerstag, 4. April 2002 01:10
> > An: Burkhard Bartelt; 'radiator at open.com.au'
> > Betreff: Re: (RADIATOR) AuthBy External und CHAP
> >
> >
> >
> > Hello Burkhard -
> >
> > This is a problem, because you cannot decrypt CHAP passwords.
> >
> > You must have your user passwords stored as cleartext in your
> > database to be
> > able to use CHAP.
> >
> > regards
> >
> > Hugh
> >
> > On Thu, 4 Apr 2002 04:14, Burkhard Bartelt wrote:
> > > Hello,
> > >
> > > we are using <AuthBy EXTERNAL> since several years to
> >
> > authenticate PAP
> >
> > > Users and to decrypt with the special parameter "Decrypt Password".
> > > Currently we are moving to a new provider. His Radius is
> >
> > sending us as
> >
> > > Standard first a CHAP Authentification. If CHAP fails he
> >
> > should send a PAP
> >
> > > Authentification.This is currently not working in our new
> >
> > Providers Radius
> >
> > > (MCI Worldcom). Therefore we need now to decrypt the CHAP
> >
> > Passsword. We
> >
> > > couldn't find how to do this in AuthBy EXTERNAL Could you
> >
> > please help.
> >
> > > FYI: Radiator Version is 2.19 / WIN 2000 Server /ActivePerl
> >
> > 5.1.6.630
> >
> > > Thanks a lot.
> > >
> > > Burkhard Bartelt
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list