At 05:18 PM 10/23/2001 -0400, Russell Enderby wrote:
>The FAQ says to do this:
>
> >So, if you're using CHAP, for each user entry you must use:
> >
> > Auth-Type = Local, Password = "stealme"
> >
> >If you're using only PAP, you can get away with:
> >
> > Auth-Type = System
>
>In the users file I changed the default line from
>Auth-Type=System to
>Auth-Type := Local, Password == "stealme"
>
>and by doing this all users have to use 'stealme' as their password then to
>authenticate. Certainly this is not how CHAP protocol is supposed to work.
>What I need is to be able to do PAP and CHAP using the System to check the
>unix shadow file for their password to authenticate correctly.
>
>It seems this change does not do that.
>
>Does anyone else know how to do this kind of authentication?

Read further. You can't. In order to do CHAP you *must* store the
passwords in plaintext locally in the users file (or SQL database).
You *CANNOT* use CHAP authentication with encrypted system passwords.
Sorry, that's how CHAP was designed.

If you want to support both, you need to cater to the least common
denominator, and that's CHAP.

PAP: Works with encrypted and non-encrypted passwords.
CHAP: Works with non-encrypted passwords.

-Chris
--
\\\|||/// \ Chris Parker - Manager, Development Engineering
\ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED]
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Without C we would have 'obol', 'basi', and 'pasal'
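
An added illustration of the point in the reply above (not part of the original message and not FreeRADIUS code): the CHAP response defined in RFC 1994 is MD5(identifier || secret || challenge), so the server needs the cleartext secret to recompute it, while PAP hands the server the password so it can be re-hashed and compared. The function names are hypothetical, and PBKDF2 stands in for the one-way shadow-file hash.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def stored_hash(password: bytes, salt: bytes) -> bytes:
    """Assumed stand-in for a one-way shadow entry (not the real crypt(3) format)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)


def verify_pap(submitted: bytes, salt: bytes, stored: bytes) -> bool:
    # PAP: the server ends up holding the submitted password itself,
    # so it can re-hash it and compare against the stored one-way hash.
    return hmac.compare_digest(stored_hash(submitted, salt), stored)


def verify_chap(ident: int, challenge: bytes, response: bytes, secret: bytes) -> bool:
    # CHAP: the server only ever sees the digest, so it must recompute it
    # from whatever secret it has on file and compare.
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def demo() -> dict:
    password = b"stealme"            # the example password from the FAQ quote
    salt = b"constructed-salt"       # constructed sample value
    shadow = stored_hash(password, salt)
    ident, challenge = 7, bytes(range(16))  # constructed challenge
    # What a CHAP client that knows the real password sends back:
    client_resp = chap_response(ident, password, challenge)
    return {
        # PAP against a one-way hash works.
        "pap_vs_hash": verify_pap(password, salt, shadow),
        # CHAP with the cleartext on file works.
        "chap_vs_plaintext": verify_chap(ident, challenge, client_resp, password),
        # CHAP with only the hash on file fails: the hash is not the secret
        # the client used, and it cannot be inverted to recover it.
        "chap_vs_hash": verify_chap(ident, challenge, client_resp, shadow),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```
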