"Mitchell, Michael" <[EMAIL PROTECTED]> wrote:
Well its not a standard "feature" of freeRADIUS, and quite possibly shouldn't be, so probably never will be. ;-)
Why isn't it a standard "feature"? Is there an obvious reason? Are you all storing your password in clear text in LDAP or whatever backend you use? Or are you just not using CHAP for authentication?
As was mentioned if a reversable algorithm is used, then it gives you a false sense of security. You can create the same level of security using the appropiate ACLs in the LDAP server.
If you want to store hashed passwords and use a CHAP algorithm for authentication, then you might consider MS-CHAPv2, since you can store the hashed NT passwords in LDAP.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html