(RADIATOR) LEAP LDAPv2 password clarification
Terry Simons
galimore at mac.com
Mon Jan 12 13:55:54 CST 2004
Joe,
I'm not very familiar with LEAP, so I can't answer your question
directly, but there are problems with other protocols that require
clear text passwords... LEAP might be similar.
PEAP->MSCHAPv2 requires clear text or reversibly encrypted passwords be
stored on the server due to the way the authentication takes place.
The MSCHAPv2 hash needs to be done on the server side, with some random
data that is gotten per-authentication, so it's not as simple as being
able to store a static hash or anything like that. It requires some
access to the clear text password.
I'm not sure how LEAP handles authentication (unfortunately it's
proprietary, and people have had to reverse-engineer it) but it might
be similar... some one else can probably give you a more definite
answer.
- Terry
On Jan 12, 2004, at 11:28 AM, Joe Honnold wrote:
> We have radiator currently running and configured for wireless
> authentication via TTLS/PAP with the Odessy client
> I think it works well, but a question has been asked about LEAP
> support that I can not answer.
> Unfortunately the SHA1 encrypted passwords are the issue.
> Is the clear text password requirement a Radiator limitation?
> Is so, is there a planned release that will support LEAP with SHA1
> encrypted passwords?
>
> please advise.
> joe.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list