(RADIATOR) CHAP issues

Hugh Irvine hugh at open.com.au
Thu Sep 19 17:28:18 CDT 2002


Hello Dan -

Radiator already provides this support with {rcrypt} passwords.

Have a look at section 13.1.1 in the Radiator 3.3.1 reference manual.
("doc/ref.html").

regards

Hugh


On Friday, September 20, 2002, at 07:19 AM, Danil Melomedman wrote:

> I was thinking about Radiator's CHAP support a little.
> Clear text passwords are a bad idea, we all know it.
> How about a two-way encryption added to Radiator for these passwords?
> For CHAP, decrypt the password before it's needed. This would be a 
> compromise, I think.
> When stored in an LDAP directory entry, it could have {CHAP} prefixed 
> to distinguish it from other
> userPasssword values. The key for a two-way encryption would be stored 
> in a file. If need to be fancy,
> store a random key per user in a database, or LDAP directory to make 
> passwords even harder to steal.
>
> This is needed because some people are forced to use CHAP (since large 
> aggregators won't switch their NASes
> on customers' requests to PAP first, CHAP second.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list