Luis Daniel Lucio Quiroz schrieb: > I rather preffer pap, you just only put on risk one > account not everibody
Well, then you just shouldn't use (MS-)CHAP. Note however that PAP is incompatible with MS point-to-point-encryption. Also note that getting access to the radius server and reading the "client secrets" is enough to falsify accept packets. (I.e. if you get the client secret, you can try to login as whoever you want and send a falsified accept message for the login attempt), so CHAP doesn't seem to introduce a new risk, IMHO. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html