(RADIATOR) PEAP or LEAP and LDAP with encrypted passwords
Terry Simons
galimore at mac.com
Thu Oct 23 11:21:52 CDT 2003
Mauro,
Due to the way PEAP works, your passwords have to be clear-text, or
reversibly encrypted on the server.
The MSCHAP hash that is generated for the PEAP inner authentication
uses some dynamic information that causes your hash to change with each
authentication. For this reason, the server needs to have access to
the clear-text in order to properly compute its MSCHAP hash as well.
Does that help?
We are using TTLS->PAP, which allows us to keep hashed passwords on the
server, for this exact reason.
- Terry
On Thursday, October 23, 2003, at 07:46 AM, ZAGO, Mauro wrote:
> Is there any way to authenticate a wireless user with the account
> informations stored in LDAP and with an encrypted password (SHA1)???
>
> I've got results only with users with plain-text passwords.... (LEAP
> and PEAP)
>
> Thanks!
> ______
>
> Mauro
> ______
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list