(RADIATOR) Mac-Adress Check and LDAP on OS X
Christian Kratzer
ck-lists at cksoft.de
Tue Mar 1 13:23:52 CST 2005
On Tue, 1 Mar 2005, Urs Landis wrote:
> Thanks for the Info Christian
>
> i got the same result, but whats about TTLS, TLS, PEAP and MD5 where will
> ServerChecksPassword run and where not?
from reading the code I assume ServerChecksPassword will currently only
run with authentication mechanisms that work by passing username and
password in plaintext to the server.
The only authentication mechanism that implements this would be PAP.
For a good introduction to the concepts behind wireless authentication
frameworks I would recomment following short 2 page paper
http://www.ilabs.interop.net/WLANSec/TTLS-PEAP-lv03.pdf
- TLS only supports certificates so this rules out users and passwords.
- TTLS supports PAP
- PEAP explicitly rules out PAP
the wireless authentication agent in windows xp only supports peap so
if you want TTLS you will have to go with a third party authentication
client. You will have to take care to configure PAP in the client and
not have it default to chap or mschap2.
Greetings
Christian
--
Christian Kratzer ck at cksoft.de
CK Software GmbH http://www.cksoft.de/
Phone: +49 7452 889 135 Fax: +49 7452 889 136
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list