(RADIATOR) Wireless Authentication question

Mike McCauley mikem at open.com.au
Mon Feb 2 17:31:28 CST 2004


Hello Joe,


On Tue, 3 Feb 2004 07:57 am, Joe Honnold wrote:
> I have an LDAP infrastructure that is using SHA1 encrypted passwords.
> After testing TTLS<->PAP with the Odyssey client the decision was made
> not to move forward with it.
> I need to take a closer look at LEAP.
> I am looking for some advice on the following:
>
> I was hoping I can get Radiator to authenticate to a CGI running on a
> web server which is then bound to LDAP.  I am not sure whether this
> makes sense or not???

Yes, that is possible, but I don't think it will help you with your LEAP 
access. In order to authenticate LEAP, the authenticator needs access to the 
plaintext or reversibly encrypted password. It will not be possible to 
authenticate LEAP against SHA1 encrypted passwords (SHA1 is a one-way hashing 
function).

The only way you will get LEAP to work with LDAP is to put plaintext or RCrypt 
encrypted passwords in the LDAP database, or else use TTLS-PAP, which will 
work with any type of encrypted or non-encrypted password database.

Hope that helps.
Cheers.


> Do you think it can be done?  What are the gotchas?
>
> I see the process as this.
>
> Client<--->AP<--->Radius<--->Web Server CGI<--->LDAP
>
> With LEAP is the auth request encrypted to the AP?
>
> Thanks in advance.
> joe.
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
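
Added example, not part of the original message and not Radiator code: a sketch of why a SHA1-hashed directory entry can verify a PAP password but cannot answer a challenge-response exchange. The HMAC-based exchange and the `cr_key` derivation are hypothetical stand-ins for LEAP's own algorithm, and the password is a constructed sample.

```python
import base64, hashlib, hmac, os

def ldap_sha(password: str) -> str:
    """Build an LDAP-style {SHA} value: base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

def pap_verify(submitted: str, stored: str) -> bool:
    """TTLS-PAP: the server receives the cleartext, so it re-hashes and compares."""
    return hmac.compare_digest(ldap_sha(submitted), stored)

def cr_key(secret: bytes) -> bytes:
    """Hypothetical stand-in for the protocol's own key derivation from the password."""
    return hashlib.sha256(b"cr-key" + secret).digest()

def cr_response(secret: bytes, challenge: bytes) -> bytes:
    """Response the peer sends: a keyed function of the challenge."""
    return hmac.new(cr_key(secret), challenge, hashlib.sha256).digest()

def server_cr_verify(stored: str, challenge: bytes, response: bytes) -> bool:
    """Server side: it must recompute the response from what the directory holds."""
    if stored.startswith("{SHA}"):
        # Only the one-way digest is available; the password cannot be recovered.
        secret = base64.b64decode(stored[len("{SHA}"):])
    else:
        secret = stored.encode()  # plaintext (or reversibly decrypted) password
    return hmac.compare_digest(cr_response(secret, challenge), response)

def demo() -> dict:
    password = "s3cret-wifi"            # constructed sample password
    hashed, plain = ldap_sha(password), password
    challenge = os.urandom(8)
    client = cr_response(password.encode(), challenge)  # what the client sends
    return {
        "pap_vs_sha_store": pap_verify(password, hashed),
        "pap_wrong_password": pap_verify("guess", hashed),
        "cr_vs_sha_store": server_cr_verify(hashed, challenge, client),
        "cr_vs_plain_store": server_cr_verify(plain, challenge, client),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The challenge-response check fails against the `{SHA}` entry even with the correct password, because the server never sees the cleartext and cannot derive the protocol key from the digest.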
