From: "Alan DeKok" <[EMAIL PROTECTED]>the client is a xp vpn client using mppe to encrypt the traffic. and mschapv2 to hash the password.
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: problem authenticating to passwd/shadow files Date: Thu, 21 Oct 2004 12:28:03 -0400
"Cameron Birky" <[EMAIL PROTECTED]> wrote: > I encrypt at my client and then the pptpd calls the freeradius > plugin for authentication. does anyone know if pptpd decrypts > before it passes the string to freeradius for authentication?
Q: How do you "encrypt" at the client?
Q: How could pptpd decrypt the password?
pptpd does not decrypt the password, it decrypts the traffic via the established connection
with the client.
If the answer to the second question is "it can't", then FreeRADIUS probably can't decrypt it, either.
once the traffic has gotten to the endpoint I would think (stepping to limb here) that I am dealing
with a decrypted stream of traffic and what ever hash was completed on the client to the
password. so, if I tell the client to use mschapv2, to hash the password, then I would be able to
tell freeradius to do that to "un-hash" it.
but, this leads to the question I asked earlier. is fr comparing a mschapv2 hashed password with
a unix md5 hashed password and failing?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
