Hi, I thought the username/passwd is transfered while the shake-hand. So it wouldn't be able to reuse this transfered (encrypted or not) password for the connection? - Any maybe store it in a database for some time. I am no crypt-expert, so I don't know if the user-password is transfered crypted or not. When I look in my radius log, it shows me the clear-text password of everyone who tries to auth. I would use that transfer to copy username & Passwd and store it in a db, so for the rest of the auth and autz the server would have the passwd. ... or am i wrong in my mind?
cu Sebastian On Fri, 2005-09-16 at 13:12 +0200, [EMAIL PROTECTED] wrote: > Hello, > > > Hi, is there a way, to tell the freeradius to accept an incoming peap > > request, without asking for user credentials, or to accept any > > credentials? > > No, I don't think so. > > > Currently needed to use the credentials guest/guest. It would be > > simpler to accept any credentials, without loosing the encryption. > > The problem is, encryption is based on the clear-text user password, > so this _must_ be stored on the server somehow (e.g. by using > guest/guest). While you can accept arbitrary PEAP requests, there's no > way to extract the clear text password from the request, thus the > server can't get the key for the encryption. > > HTH, > Stefan > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
