(RADIATOR) CHAP and PAP

Hugh Irvine hugh at open.com.au
Thu Oct 26 19:26:53 CDT 2006 

Hello Mike -

Of course you will also need to remove the "EncryptedPassword"  
parameter from the AuthBy SQL clause(s).

regards

Hugh


On 27 Oct 2006, at 10:13, Hugh Irvine wrote:

>
> Hello again Mike -
>
> We have just been discussing this again here and I don't think my  
> suggestion will work, unfortunately.
>
> The alternative therefore is to add "{crypt}" prefixes to your  
> existing passwords, except for those plaintext passwords which can  
> either have "{clear}" prefixes or be left as cleartext.
>
> Apologies for any confusion.
>
> regards
>
> Hugh
>
>
> On 27 Oct 2006, at 08:49, Hugh Irvine wrote:
>
>>
>> Hi Mike -
>>
>> As you suggest below, you can use "{clear}password" just for those  
>> users who need it and leave the rest as they are.
>>
>> See sections 12.1.1 and 12.1.2 in the Radiator 3.15 reference  
>> manual ("doc/ref.html").
>>
>> regards
>>
>> Hugh
>>
>>
>> On 27 Oct 2006, at 07:53, Mike Gomez wrote:
>>
>>> Hi All,
>>>
>>> I've run into a bit of a problem that I'm hoping I can figure out  
>>> without
>>> having to do too much of an overhaul on our mysql database. ;)   
>>> We've been
>>> using Radiator and PAP authentication for years (using just  
>>> standard unix
>>> encryption on passwords).  We've just recently switched dialup  
>>> providers, and
>>> some of the Qwest numbers they use only allow CHAP.
>>>
>>> It's only for a small subset of my users that this is causing a  
>>> problem for
>>> (150 out of the 12,000 or so in the database).  Since my  
>>> passwords aren't in
>>> clear text, CHAP won't work.  From what I've read, I believe I  
>>> could change
>>> all of my users to clear text passwords and then both PAP and  
>>> CHAP would
>>> work, but I'd honestly like to avoid making changes to all 12,000  
>>> users and
>>> just change the 150 that are having problems.
>>>
>>> We use the EncryptedPassword option, since we don't have {crypt}  
>>> specified
>>> before each password.  Is there any way I could just change the  
>>> problem users
>>> to have their passwords set as "{clear}password" in mysql and not  
>>> have to end
>>> up changing all of the rest of the passwords (either to clear  
>>> text, or by
>>> putting {crypt} in front of them)?  I'm reading through the  
>>> reference manual,
>>> but the only way I can see to do this is either by changing  
>>> everyone to clear
>>> text, or using the {} before each user's password to describe  
>>> whether it's
>>> encrypted of not.
>>>
>>> Thanks in advance for any help! :)
>>> -- 
>>> Mike Gomez
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/ 
>> archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/ 
> archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list