Hi Tim,

it is completely impossibe to support CHPA unless you have access to the
_plaintext_ password. This is not a limitation of Radiator, but rather a
logical consequence of the design of CHAP.

With CHAP, the NAS generates a challenge, and transforms the users password and
the challenge and using a one-way hash function. It send the hash and the
challenge to the radius server. The radius server also transforms its idea of
the plaintext password and the challenge, using the same one-way hash. If the
NAS's hashs and the Radius server's hash are the same, bingo, your in.

Obviously, if the Radius server does not have the correct plaintext password
its not possible to implemnet this algorithm.

You will have to either:
1. Not use CHAP
2. Put plaintext passwords in your database. Its possible to have a mix of
plaintext and Unix crypted passwords in your database if you prefix your
crypted passwrods with {crypt}


Hope that helps.

Cheers.

On Jul 7,  3:08pm, Young, Tim wrote:
> Subject: (RADIATOR) Encrypted passwords and CHAP
> Currently we store our passwords in a SQL (mySQL) database and they are
> stored using UNIX crypt password format.
>
> I now have a need to support CHAP authentication using this existing
> database.
>
> Does anyone have any ideas on how this might be done?
>
> Thanks in advance,
>
> Tim Young
> Compuware Corporation
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Young, Tim



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to