>>>>> "PM" == Paul Mackerras <[EMAIL PROTECTED]> writes:
PM> [EMAIL PROTECTED] (Robert Spier) wrote:
>> Is or has any work being done for MSCHAP authentication on the
>> server side?
PM> Yes, I know that MS-CHAP on the server side will store a hashed
PM> form of what the user thinks of as their password, but that
PM> hashed thing is all you need on the client side in order to
PM> authenticate itself to the server. In that sense the hashed
PM> thing is itself a cleartext password.
True. But there is a slight advantage to not storing plaintext
passwords anywhere.
PM> The only advantage of storing the hashed thing comes because of
PM> the bad (IMHO) decision to use the *same* password for
PM> authenticating a user to a machine, and for authenticating that
PM> machine to another machine.
Agreed. What's lacking _is_ a real encrypted storage/transport
authentication system for PPP. You can get one -or- the other,
encrypted transport with CHAP, encrypted storage with PAP.
Thanks!
-R
--
Robert Spier
<[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
