Hi there!
I have a question about the way Radiator decrypts the passwords that are
held in my LDAP directory.
The passwords are stored in standard unix crypt format.
I'm using a Cisco NAS to request authentication for its dialin peers.
Here's my understanding of how things work. The end user via PAP sends the
plaintext username/password to the NAS.
The NAS uses the RADIUS secret to encrypt the password on the internal
network on its way to Radiator.
Radiator decrypts the user password, and compares it to the password
retrieved from LDAP.
I'm assuming that Radiator must first decrypt the LDAP password before the
comparison.
Is this correct?
Now here is why I ask... I need to begin using CHAP on the NAS. I
understand that CHAP requires plaintext passwords in LDAP.
If Radiator normally decrypts the password prior to the comparison (w/
PAP), then can't it decrypt the LDAP password BEFORE applying the CHAP
one-way hash? Thereby applying the hash to a plaintext password?
Thanks a lot!!!
Steve
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Stephen A. Felicetti Sr. Network Engineer
mailto:[EMAIL PROTECTED] Fox Chase Cancer Center
215-728-2956 (v)
215-728-2513 (f)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
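
Added example, not part of the original message and not Radiator's own code: a Python sketch of the two checks the message asks about, following RFC 2865 (User-Password hiding for PAP) and RFC 1994 (CHAP response). It shows that PAP verification hashes the recovered plaintext and compares hashes, while the CHAP response has to be recomputed from the plaintext itself. Assumptions: salted SHA-256 stands in for Unix crypt, and every function name and sample value is constructed.

```python
import hashlib
import hmac

def _mask(secret, prev):
    return hashlib.md5(secret + prev).digest()

def pap_hide(password, secret, authenticator):
    """NAS side, RFC 2865 5.2: XOR the password with MD5(secret + previous block)."""
    size = max(1, -(-len(password) // 16)) * 16       # pad to a multiple of 16
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], _mask(secret, prev)))
        out += prev
    return out

def pap_unhide(hidden, secret, authenticator):
    """Server side: the same XOR stream undoes the hiding, giving the typed password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, _mask(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def one_way(password, salt):
    """Stand-in for Unix crypt (assumption): salted and one-way, no inverse exists."""
    return salt + hashlib.sha256(salt + password).digest()

def check_pap(hidden, secret, authenticator, stored_hash):
    """Hash the recovered plaintext with the stored salt and compare the hashes."""
    typed = pap_unhide(hidden, secret, authenticator)
    return hmac.compare_digest(one_way(typed, stored_hash[:2]), stored_hash)

def chap_response(ident, password, challenge):
    """Peer side, RFC 1994: MD5(identifier + plaintext password + challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def check_chap(ident, challenge, response, stored_value):
    """The server must recompute the response from whatever it has stored."""
    return hmac.compare_digest(chap_response(ident, stored_value, challenge), response)

if __name__ == "__main__":
    secret, auth, pw = b"shared-secret", bytes(range(16)), b"correct horse battery"  # constructed
    stored = one_way(pw, b"ab")
    print("PAP against stored hash:", check_pap(pap_hide(pw, secret, auth), secret, auth, stored))
    resp = chap_response(7, pw, b"\x11" * 16)
    print("CHAP with plaintext stored:", check_chap(7, b"\x11" * 16, resp, pw))
    print("CHAP with only the hash stored:", check_chap(7, b"\x11" * 16, resp, stored))
```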