On Fri, 24 Oct 2003, Lai Fu Keung wrote: > On 23 Oct 2003 at 11:20, Alan DeKok wrote: > > > > My problem is that both MS_CHAP and PAP authentications will look up > > > the plain text password. But I want PAP to look up the crypted > > > userPassword. > > > > Again, why? > > We are heading to have Single Sign On for all services. Having a > plain text password on a machine is considered insecure and loss of > privacy. We tend to throw away the plain text password sooner or > later. > > I read the document that MS-CHAP can also use NT-Password. So I am > thinking to have PAP to use crypted userPassword and MS-CHAP to use > an encoded NT-Password eventually. Is it feasible?
Yes. Check the recent thread on 'NT passwords and LEAP' > > What can you suggest in configuring freeradius to have a single > crypted password in our LDAP for all types of logins (with different > authentication protocols)? You can't have a crypted password for certain authentication protocols. Either don't use them or don't use a single crypted password (i would choose the former). > > Thanks for your all replies anyway. > > Lai > > > > > Alan DeKok. > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
