On Wed, 24 Oct 2001, Russell Enderby wrote: > But other more commercial radius packages such as steel belted and such allow > this. > > Frankly I dont see why this is a big deal. Why cant radiusd simply take the > password handed to it by CHAP and then compare it to the system shadow file > instead of the plain text password given in the users file? > > If you can auth from a plain text file or a sql database then the protocol clearly > does not care where you compare the password to and it is a restriction of free > radius and not the protocol. > > Russell >
Please, read the CHAP specification. The user password is never sent through the wire. Only a challenge request,response. That is why you NEED the user password in plain text in order to check if the challenge response is valid. -- kkalev - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
