On Fri, Jun 13, 2003 at 11:55:26AM +0200, Roberto Pioli wrote:
> > Hi Robert,
> >  It is the authentication method that the client-nas have decided on that
> > determines what format the password needs to be in. The CHAP method
> > requires clear text passwords. The MS-CHAP method requires a NT-PASSWORD or
> > LM-PASSWORD format. The PAP method requires....... and so on.

The PAP method requires nothing. PAP states that a clear text password
is sent over the line. How it is compared against a stored password is
in your hands.

It's the standard problem: will the hacker hijack your phone lines and
sniff clear text PAP passwords, or will he hack your servers and see
those clear text passwords required for CHAP in your database?

> thanks
> and so if I want to use an MD5 password it is not possible!?!

If you use CHAP, you need clear text passwords.

With PAP you can use any encryption supported by freeradius. The
standard crypt of glibc2 will also support md5 crypts, if the crypted
password (use the Crypt-Password Attribute in your mysql db) has a
certain format: $1$SEED$CRYPT (see man crypt on your glibc2 system).

If you don't have glibc2 you have to use the pap module of freeradius.
This is a bit tricky, because freeradius will do a string compare of
passwords if it finds a Password attribute, and so rlm_pap does not get
called. I sent a patch for this to the list two days ago.

Oliver.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
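
Added example, not part of the original message or of FreeRADIUS: a Python sketch of why a server that stores only a hashed password can check PAP but not CHAP. The CHAP response follows RFC 1994 (MD5 over identifier, secret and challenge); the `$demo$` record format, the PBKDF2 stand-in for crypt(3), the function names and all sample values are assumptions constructed for the illustration.

```python
import hashlib
import hmac

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident, challenge, response, stored_secret: bytes) -> bool:
    """Server side of CHAP: recompute the response from the stored secret."""
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def hash_for_storage(password: bytes, salt: bytes) -> str:
    """Constructed '$demo$salt$hash' record; PBKDF2 stands in for crypt(3)."""
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)
    return f"$demo${salt.hex()}${digest.hex()}"

def pap_verify(received_password: bytes, record: str) -> bool:
    """Server side of PAP: hash the received password like the stored one."""
    _, _scheme, salt_hex, _digest = record.split("$")
    candidate = hash_for_storage(received_password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, record)

def demo() -> dict:
    password = b"s3cret-demo"                 # constructed sample password
    record = hash_for_storage(password, bytes.fromhex("a1b2c3d4e5f60718"))
    ident, challenge = 7, bytes(range(16))    # constructed CHAP challenge
    response = chap_response(ident, password, challenge)  # sent by the client
    return {
        # PAP: the server receives the password and can hash it for comparison.
        "pap_with_hash": pap_verify(password, record),
        "pap_wrong_password": pap_verify(b"guess", record),
        # CHAP: the server must feed the cleartext secret into MD5 itself.
        "chap_with_cleartext": chap_verify(ident, challenge, response, password),
        # With only the hash on file there is no valid input for that MD5 step.
        "chap_with_hash_only": chap_verify(ident, challenge, response,
                                           record.encode()),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```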