(RADIATOR) LEAP LDAPv2 password clarification

Terry Simons galimore at mac.com
Mon Jan 12 13:55:54 CST 2004


Joe,

I'm not very familiar with LEAP, so I can't answer your question 
directly, but there are problems with other protocols that require 
clear text passwords... LEAP might be similar.

PEAP->MSCHAPv2 requires clear text or reversibly encrypted passwords be 
stored on the server due to the way the authentication takes place.  
The MSCHAPv2 hash needs to be done on the server side, with some random 
data that is gotten per-authentication, so it's not as simple as being 
able to store a static hash or anything like that.  It requires some 
access to the clear text password.

I'm not sure how LEAP handles authentication (unfortunately it's 
proprietary, and people have had to reverse-engineer it) but it might 
be similar... someone else can probably give you a more definite 
answer.

- Terry


On Jan 12, 2004, at 11:28 AM, Joe Honnold wrote:

> We have Radiator currently running and configured for wireless 
> authentication via TTLS/PAP with the Odyssey client.
> I think it works well, but a question has been asked about LEAP 
> support that I cannot answer.
> Unfortunately the SHA1 encrypted passwords are the issue.
> Is the clear text password requirement a Radiator limitation?
> If so, is there a planned release that will support LEAP with SHA1 
> encrypted passwords?
>
> Please advise.
> joe.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
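
The contrast between the TTLS/PAP setup in the question and a per-authentication challenge-response method, as an added sketch that is not part of either message and is not Radiator code. It assumes an unsalted SHA-1 digest in the directory; an HMAC stands in for the real MSCHAPv2/LEAP computation, and all function names and the sample password are constructed.

```python
import hashlib
import hmac
import os

def stored_sha1(password: str) -> str:
    """What the directory holds in this scenario: an unsalted SHA-1 digest."""
    return hashlib.sha1(password.encode()).hexdigest()

def pap_verify(received_password: str, stored_digest: str) -> bool:
    """TTLS/PAP: the password itself arrives inside the tunnel,
    so the server can hash it and compare with the stored digest."""
    return hmac.compare_digest(stored_sha1(received_password), stored_digest)

def response(secret: str, challenge: bytes) -> bytes:
    """Stand-in for the challenge-response step (NOT the real MSCHAPv2
    algorithm): a value derived from the secret and fresh random data."""
    key = hashlib.sha256(secret.encode("utf-16-le")).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()

def cr_verify_with_cleartext(password: str, challenge: bytes, resp: bytes) -> bool:
    """Server that can read the password recomputes the same response."""
    return hmac.compare_digest(response(password, challenge), resp)

def cr_verify_with_sha1_only(stored_digest: str, challenge: bytes, resp: bytes) -> bool:
    """Server that only has SHA-1(password): the client keyed its response
    on the password, not on this digest, so the recomputation never matches."""
    return hmac.compare_digest(response(stored_digest, challenge), resp)

def demo() -> dict:
    password = "correct horse"        # constructed sample password
    digest = stored_sha1(password)    # what the SHA-1 user store contains
    challenge = os.urandom(16)        # fresh random data per authentication
    client_resp = response(password, challenge)
    return {
        "pap_with_sha1_store": pap_verify(password, digest),
        "cr_with_cleartext": cr_verify_with_cleartext(password, challenge, client_resp),
        "cr_with_sha1_store": cr_verify_with_sha1_only(digest, challenge, client_resp),
        # An old response is useless against a new challenge, which is why
        # a static stored value cannot simply be compared.
        "old_response_new_challenge": cr_verify_with_cleartext(
            password, os.urandom(16), client_resp),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```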
