Alan DeKok wrote: > Johan wrote: > >> I'm wondering if it's possible to authenticate a user who is using >> mschap authentication with perl. >> > > Sure. Just re-write all of the MS-CHAP authentication protocol in > rlm_mschap in Perl. > > But why the heck would you want to do that? > > You know i've been thinking of doing that in PHP (PHP Based supplicant for weblogin via RADIUS), i'm sure it's possible... and it would be of some benefit, just the RFC makes my head hurt... one of the few times I've regreted not studying computer science. *sigh* something to do with hashing the nt hash using different sha functions.
Got PAP working though thats not exactly hard... and CHAP seems very easy , so i'll do that tomorrow. Have a request hash <Radius to Supplicant> Hash this hash with a hash of the password <Supplicant> Here have the request hash and the hash of the request hash with the password.. <Supplicant to Radius> *works* And the advantage of supporting MSChap is that you don't have to store your passwords in cleartext... Just NT4 or LMHash which while not much more secure than cleartext , looks far more impressive in a password database. But yes, as Alan said, why bother implimenting the server side MSChap module in perl ... rlm_perl wasn't really designed for this kind of stuff, more for request flow control and acquiring extra attributes from databases and various other perly type things. You ok Alan ? You've seemed less yeah go look at this howto / man page and more *stab stab* die recently ... Sorry abundance of Guinness ... Thanks, Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html