At 12:17 PM 3/21/2002 -0500, Mike Cathey wrote:
>Chris,
>
>The qmail-ldap (<http://www.nrg4u.com>) code (actually IIRC it's the auth
>code) supports 2 methods of LDAP auth. One method attempts to bind to
>the directory as the user, which is what it sounds like FreeRADIUS
>does. The other method is to bind to the directory as a privileged user
>(one who has access to all user attributes), crypt what the client handed
>you and compare it to userPassword.

The client hands you an already (and non-reversible) encrypted string.
Encrypting it a second time will yield nothing useful.

>It may be possible to implement the second method in FreeRADIUS and use it
>for LDAP/CHAP auth. Comments?

The only way to perform CHAP authentication is for the server to have
access to the unencrypted password locally.

-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
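
Added example, not part of the original message and not FreeRADIUS or qmail-ldap code: a sketch of the CHAP-MD5 check from RFC 1994, showing why a server that holds only a one-way hash of the password cannot verify a CHAP response. The function names, the sample password, salt and challenge are constructed, and salted SHA-256 stands in for whatever crypt() scheme the directory uses in userPassword.

```python
import hashlib
import hmac


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_with_cleartext(ident, challenge, response, password: bytes) -> bool:
    """Server side when the cleartext password is available locally."""
    expected = chap_response(ident, password, challenge)
    return hmac.compare_digest(expected, response)


def directory_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in (assumption) for a crypt()-style one-way userPassword value."""
    return hashlib.sha256(salt + password).digest()


def verify_by_rehashing(response: bytes, salt: bytes, stored: bytes) -> bool:
    """'Crypt what the client handed you and compare it to userPassword'.
    The client handed over an MD5 digest, not the password, so this fails."""
    return hmac.compare_digest(directory_hash(response, salt), stored)


def verify_hash_as_secret(ident, challenge, response, stored: bytes) -> bool:
    """Treating the stored hash as the CHAP secret also fails: the client
    computed its response from the cleartext, not from the stored hash."""
    return hmac.compare_digest(chap_response(ident, stored, challenge), response)


def demo() -> dict:
    password = b"constructed-password"   # constructed sample value
    salt = b"ab"                         # constructed sample value
    ident, challenge = 7, bytes(range(16))  # fixed so the run is repeatable
    stored = directory_hash(password, salt)
    response = chap_response(ident, password, challenge)  # what the NAS forwards
    return {
        "cleartext": verify_with_cleartext(ident, challenge, response, password),
        "rehash": verify_by_rehashing(response, salt, stored),
        "hash_as_secret": verify_hash_as_secret(ident, challenge, response, stored),
    }


if __name__ == "__main__":
    print(demo())
```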