(RADIATOR) PEAP or LEAP and LDAP with encrypted passwords

Terry Simons galimore at mac.com
Thu Oct 23 11:21:52 CDT 2003


Mauro,

Due to the way PEAP works, your passwords have to be clear-text, or 
reversibly encrypted on the server.

The MSCHAP hash that is generated for the PEAP inner authentication 
uses some dynamic information that causes your hash to change with each 
authentication.  For this reason, the server needs to have access to 
the clear-text in order to properly compute its MSCHAP hash as well.

Does that help?

We are using TTLS->PAP, which allows us to keep hashed passwords on the 
server, for this exact reason.

- Terry

On Thursday, October 23, 2003, at 07:46  AM, ZAGO, Mauro wrote:

> Is there any way to authenticate a wireless user with the account
> information stored in LDAP and with an encrypted password (SHA1)???
>
> I've got results only with users with plain-text passwords.... (LEAP
> and PEAP)
>
> Thanks!
> ______
>
> Mauro
> ______
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
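
Added example, not part of the original post and not Radiator code: a sketch of why a hashed LDAP entry can verify TTLS->PAP but not a challenge-response inner method. It assumes the directory stores `userPassword` in RFC 2307 `{SHA}`/`{SSHA}` form; the function names are hypothetical, and a simplified HMAC challenge-response stands in for MSCHAP, which is not reproduced here.

```python
import base64, hashlib, hmac

SCHEMES = ("{SHA}", "{SSHA}")  # RFC 2307 one-way schemes (assumed LDAP storage format)

def ldap_sha(password: str) -> str:
    """Build a {SHA} userPassword value; used here only to construct sample data."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def pap_verify(stored: str, cleartext: str) -> bool:
    """TTLS->PAP: the cleartext arrives inside the TLS tunnel, so the server
    can hash it the same way and compare with the stored digest."""
    scheme, _, b64 = stored.partition("}")
    scheme += "}"
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]          # {SHA} has an empty salt
    calc = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def cr_response(password: str, challenge: bytes) -> bytes:
    """Stand-in for the inner challenge-response (NOT real MSCHAP): the answer
    is keyed on the password and changes with every challenge."""
    key = hashlib.sha256(password.encode("utf-16-le")).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()

def server_verify_cr(directory_value: str, challenge: bytes, response: bytes) -> bool:
    """The server must recompute the response itself. With only a one-way
    digest in the directory it has nothing to key the computation with."""
    if directory_value.startswith(SCHEMES):
        return False
    return hmac.compare_digest(cr_response(directory_value, challenge), response)

if __name__ == "__main__":
    pw = "s3cret-constructed"                  # constructed sample password
    hashed = ldap_sha(pw)
    chal = bytes(range(16))                    # constructed challenge
    resp = cr_response(pw, chal)
    print("PAP vs hashed entry:      ", pap_verify(hashed, pw))
    print("challenge vs clear entry: ", server_verify_cr(pw, chal, resp))
    print("challenge vs hashed entry:", server_verify_cr(hashed, chal, resp))
```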
