Phil Mayers wrote: > On Mon, 2007-07-09 at 22:44 +0100, Arran Cudbard-Bell wrote: > >> Alan DeKok wrote: >> >>> Johan wrote: >>> >>> >>>> I'm wondering if it's possible to authenticate a user who is using >>>> mschap authentication with perl. >>>> >>>> >>> Sure. Just re-write all of the MS-CHAP authentication protocol in >>> rlm_mschap in Perl. >>> >>> But why the heck would you want to do that? >>> >>> >>> >> You know i've been thinking of doing that in PHP (PHP Based supplicant >> for weblogin via RADIUS), i'm sure it's possible... and it would be of >> some benefit, just the RFC makes my head hurt... one of the few times >> I've regreted not studying computer science. *sigh* something to do >> with hashing the nt hash using different sha functions. >> > > I suggested this to a BlueSocket rep after my 802.1x talk at NetworkShop > 2006 (I think...) to get over the problems of PAP on eduroam - but my > suggestion went further and was to do it in JavaScript on the browser, > have the server simply act as a relay. > > I imagine that'd be even trickier. I got about an hour into coding it > and lost the will to live... > Trying to code an MSCHAP client in JS thats just insane ?! But kudos for trying. It appears that there is actually a wrapper class in the pecl repository to do PAP , ChapMD5, MSChapV1 MSChapV2. You'd need the Radius extension installed, though that too can be downloaded from pecl.
What exactly was the issue with doing PAP over Eduroam ? Was it people being afraid of passing weakly encrypted passphrases around the interweb, or home sites just not bothering to implement PAP on their Radius servers ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
