(RADIATOR) CHAP and EncryptedPassword

Hugh Irvine hugh at open.com.au
Mon Feb 25 17:40:50 CST 2002


Hello Andy -

There is already provision for dealing with encrypted and plaintext passwords 
in the same database - you just need the standard prefixes on the strings to 
indicate what form of encryption is used for that particular password.

In other words, you simply remove the EncryptedPassword paramter from the 
AuthBy clause, and add the required prefix(s) to the encrypted passwords.

The prefixes are listed in section 13.1.1 of the Radiator 2.19 reference 
manual ("doc/ref.html").

regards

Hugh


On Tue, 26 Feb 2002 07:34, Andy Dills wrote:
> Ok, we use third party outsourcing for many of our modem ports across the
> states. Some vendors (Qwest, UUnet) use CHAP. We use PAP, and have always
> kept our passwords encrypted. Now, interestingly, Qwest and UUnet both
> have monthly hour limits. So, my thought was to make the user supply the
> username and password via a webpage, thus proving they know ahead of time
> about the hour limits. At the same time, this would insert the cleartext
> password into the database, so that CHAP authentication can occur.
>
> However, I have noticed a glaring problem. With AuthBy SQL, if you define
> EncryptedPassword, there is no way to use CHAP. There's an easy fix for
> this; how about a CHAPAuthSelect definition which is applied when CHAP
> auth is requested? You could even take it a step further and create a
> PAPAuthSelect, and set the default on both to be the AuthSelect.
>
> I'd much rather see that put in place (which will benefit Radiator users
> everywhere) than me going to the trouble of writing a hook specifically to
> deal with this.
>
> Andy
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills                              301-682-9972
> Xecunet, LLC                            www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list