-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all,
I found that freeradius-0.8 does not encrypt the MS-CHAPv1 MPPE keys as specified by RFC 2548 sec.
2.4.1.
In fact, that code was commented out.
Here is the patch:
- --- freeradius-0.8/src/modules/rlm_mschap/rlm_mschap.c Wed Oct 2 10:37:08 2002
+++ freeradius-0.8-modif/src/modules/rlm_mschap/rlm_mschap.c Tue Dec 10 15:40:33 2002
@@ -860,6 +860,7 @@
~ /* now create MPPE attributes */
~ if (inst->use_mppe) {
~ if (chap == 1){
+ int len;
~ DEBUG2("rlm_mschap: adding MS-CHAPv1 MPPE keys");
~ memset (mppe_sendkey, 0, 32);
~ if (smbPasswd.smb_passwd)
@@ -875,10 +876,10 @@
~ memcpy (mppe_sendkey+8,smbPasswd.smb_nt_passwd,16);
~ */
~ md4_calc(mppe_sendkey+8, smbPasswd.smb_nt_passwd,16);
- -/*
+
~ rad_pwencode(mppe_sendkey, &len,
~ request->secret, request->packet->vector);
- -*/
+
~ mppe_add_reply( &request->reply->vps,
~ "MS-CHAP-MPPE-Keys",mppe_sendkey,32);
~ }
Sorry if this is a repeat.
That code works well with Win2K Professional.
- --
==============
Martin Gadbois
S/W Developper
Colubris Networks Inc.
PS: I do not subscribe to this list...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAj32UroACgkQ9Y3/iTTCEDkmqACfdt7uSiZSR6Gjn0sN1rv4Lk7T
pSsAn0rw55GXyAnAU8TmYK/M1k59SwrP
=n1iW
-----END PGP SIGNATURE-----
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- Re: MS-CHAPv1 does not encrypt MPPE keys Martin Gadbois
- Re: MS-CHAPv1 does not encrypt MPPE keys Lars Viklund
- Re: MS-CHAPv1 does not encrypt MPPE keys 3APA3A
- Re: MS-CHAPv1 does not encrypt MPPE keys Martin Gadbois
