Greetings,

I'm working on a deployment that should support PEAP with MSCHAPv2, but which 
cannot have either plaintext passwords or NT hashes stored (the latter can be 
decrypted in milliseconds on sites such as 
http://www.hashkiller.co.uk/ntlm-decrypter.aspx).

Passwords are stored in BCrypt hash format, so my questions are:

1. I could, when signing users up, do plaintext -> nthash -> bcrypt, and then 
compare the incoming nthash from the client also passed through bcrypt inside a 
hook. I've spent the last two days looking at hook examples, mailing list posts 
and the documentation, but I cannot figure out where to put the hook, or how to 
get the nthash from the EAP messages.

2. A secondary question, derived from #1 above: is there any documentation on 
hooks that explains how/what parameters and functions are available for each 
hook type? I don't mind looking through code, but I've not found a clear 
answer. Example: for PreAuthHook, we're told $_[0] contains a "reference to the 
current request"... kind of vague.

I'm doing AuthBy SQL, no LDAP (found tons of password-related info for LDAP and 
its hooks... but not useful).

Cheers,

Mike

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
