(RADIATOR) CHAP and EncryptedPassword

Andy Dills andy at xecu.net
Mon Feb 25 14:34:49 CST 2002



Ok, we use third party outsourcing for many of our modem ports across the
states. Some vendors (Qwest, UUnet) use CHAP. We use PAP, and have always
kept our passwords encrypted. Now, interestingly, Qwest and UUnet both
have monthly hour limits. So, my thought was to make the user supply the
username and password via a webpage, thus proving they know ahead of time
about the hour limits. At the same time, this would insert the cleartext
password into the database, so that CHAP authentication can occur.

However, I have noticed a glaring problem. With AuthBy SQL, if you define
EncryptedPassword, there is no way to use CHAP. There's an easy fix for
this; how about a CHAPAuthSelect definition which is applied when CHAP
auth is requested? You could even take it a step further and create a
PAPAuthSelect, and set the default on both to be the AuthSelect.

I'd much rather see that put in place (which will benefit Radiator users
everywhere) than me going to the trouble of writing a hook specifically to
deal with this.

Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills                              301-682-9972
Xecunet, LLC                            www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list