Dear Alan DeKok,
For example you may want to allow your users to use PAP, CHAP and
MS-CHAP. In this case you will store cleartext password. Somehow during
authorization it should be decided either to use local, chap or ms-chap
authentication. In case of ms_chap cleartext password should be changed
to NT-Password or LM-Password and if we have LM-Password or NT-Password
we can use MS-CHAP as an Auth-Type. This is exactly what rlm_mschap does
for authorize().
If you needn't PAP/CHAP you should store LM and NT passwords and always
use Auth-Type MS-CHAP. You needn't rlm_mschap in authorize {} in this
case.
I believe obtaining LM-Password and NT-Password is a part of
authorization, not authentication process. But if required I can move it
to authenticate().
--Friday, April 26, 2002, 6:12:25 PM, you wrote to
[EMAIL PROTECTED]:
AD> 3APA3A <[EMAIL PROTECTED]> wrote:
>> mschap in authorize is only required if you store cleartext
>> password, in this case it produces NT/LM hashes from cleartext.
AD> That work can be done in the 'authenticate' code, can't it? I don't
AD> see why it's required to be in the 'authorize' section.
AD> Alan DeKok.
AD> -
AD> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
Ну а в целом, Уильям, здешний климат - ежели только
это можно назвать климатом, вполне сносный. (Твен)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
