[ 
https://issues.apache.org/jira/browse/GUACAMOLE-774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16813413#comment-16813413
 ] 

Nick Couchman commented on GUACAMOLE-774:
-----------------------------------------

{quote}
we stopped the project because  pap authentification is not secure that why we 
need mschapv1 or 2 any help ? 
{quote}

If MS-CHAP relies upon MD4, I would argue that is not secure, either.  One 
protocol that I know for sure that I tested was eap-ttls, which creates a 
secure tunnel that allows other protocols (chap, pap, etc.) to be used 
securely.  If security is that high a priority to you, feel free to use 
eap-ttls.

{quote}
Like this . what files do i need to change ?
{quote}

My guess is that implementing the work-around that you referenced from OpenNMS 
would be done somewhere in the RadiusConnectionService.java file - there are 
places in there where it checks for the RADIUS protocol being used, and you 
could check, there, for MS-CHAPv1/2 and load MD4 support using a method similar 
to the one used in the OpenNMS code.  I would have to play with it to see if it 
actually worked and where it would go, but you're certainly welcome to give it 
a try, and open a pull request if you get it working.

> RADIUS support for MS-CHAPv1 and MS-CHAPv2 fails
> ------------------------------------------------
>
>                 Key: GUACAMOLE-774
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-774
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-radius
>    Affects Versions: 1.0.0
>            Reporter: kamal_ezzaki
>            Priority: Minor
>
> after i installed guacamole in my machine i get this error when i try to 
> connect using radius 
> {color:#FF0000}16:39:55 localhost server: 16:39:55.514 [http-bio-8080-exec-8] 
> ERROR o.a.g.a.r.RadiusConnectionService - No such RADIUS algorithm: MD4 
> MessageDigest not available{color}
> {color:#FF0000}Apr 8 16:39:55 localhost server: 16:39:55.532 
> [http-bio-8080-exec-8] WARN o.a.g.r.auth.AuthenticationService - 
> Authentication attempt from 192.168.234.139 for user "TestUser" failed.{color}
>  
> {color:#333333}when i use pap, chap authentification it's passed , but using  
> mschapv1,mschapv2 the connection doesn't passe {color}
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to