(RADIATOR) PEAP-MSCHAPv2 don't assign WEP key
Martin Burton
mvb at sanger.ac.uk
Mon Sep 13 10:47:52 CDT 2004
>I'm not sure if I correctly understand this, but it looks to me that I will
>need to have a pre-hashed password prepared for MSCHAPv2... well, that is not
>the way I want to go. I also wish to use EAP-TTLS-PAP, EAP-TTLS-CHAP and so on...
>and uhm... having the password in cleartext form is better for supporting users.
>
Jan, even with my patch that enabled NT-Passwords (which sounds very
much like what Mike and the crew have already done with the main source
anyway), the password is pre-hashed and presented as a string of
hexadecimal digits.
The reason we needed this is that we do not store *any* user passwords
in clear text and MSCHAPv2 will only work with either an LM or NT hash.
This can be obtained from either a cleartext (which can be hashed, but
breaks our policy on non-encrypted passwords), an rcrypt (which can be
decrypted to retrieve the cleartext, and hence generate the hash - we
figured if it can be decrypted it's just not right for us!), or a
pre-calculated hash (not ideal, but fits in with our policy). Since
there was no support for the way we wanted to store our NT-Password
hashes, I added it.
Clear-text passwords are supported by Radiator against MSCHAPv2, so if
that's the way you want to go then you shouldn't need to patch.
HTH.
Martin
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.