Hi, > I'm stuck trying to work out how to avoid sending the password > unhashed to the server and think that some form of CHAP/MSCHAPv2 > might be the right way to go. My current thoughts are that I should > use PAP with SHA1 or SSHA1 but I seem to get the right config (if it > is even possible).
MSCHAPv2 is the main way to go. offering challenge/response means the password is never sent clear. alternatively you could use MD5 instead of plain. but client support is an issue... alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html