RE: User-Password Attribute
Ok, so from all the info I have gathered it is not possible to decrypt the MS-CHAP password into clear text. Is there any method to authenticate wireless EAP clients to a Kerberos server?

As of right now, things are looking bleak, seeing how rlm_krb5 needs the plain-text password and MS-CHAP doesn't give that. Has anyone attempted authenticating wireless EAP (specifically LEAP and PEAP) clients to Kerberos?

Thanks,
Chris

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Monday, July 07, 2003 11:43 AM
To: [EMAIL PROTECTED]
Subject: Re: User-Password Attribute

Chris Akens [EMAIL PROTECTED] wrote:
> What I have been unable to figure out is how I pass the correct
> User-Pass attribute from LEAP to rlm_krb5 and become authenticated.

You can't. It's impossible. The clear-text password is never sent in a LEAP packet.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User-Password Attribute
Chris Akens [EMAIL PROTECTED] wrote:
> Ok, so from all the info I have gathered it is not possible to decrypt
> the MS-CHAP password into clear text. Is there any method to
> authenticate wireless EAP clients to a Kerberos server?

Not right now.

> As of right now, things are looking bleak, seeing how rlm_krb5 needs
> the plain-text password and MS-CHAP doesn't give that. Has anyone
> attempted authenticating wireless EAP (specifically LEAP and PEAP)
> clients to Kerberos?

LEAP is impossible. PEAP is likewise impossible, as it doesn't send clear-text passwords, either. TTLS may work, but the server doesn't support it yet.

Alan DeKok.
Re: User-Password Attribute
Chris Akens [EMAIL PROTECTED] wrote:
> What I have been unable to figure out is how I pass the correct
> User-Pass attribute from LEAP to rlm_krb5 and become authenticated.

You can't. It's impossible. The clear-text password is never sent in a LEAP packet.

Alan DeKok.
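
Added example, not part of the thread and not FreeRADIUS code: a simplified Python model of why a backend that needs the clear-text password cannot consume a challenge-response request. HMAC-SHA256 stands in for the real LEAP/MS-CHAP computation, and every function name, the request dictionaries and the sample account are constructed for illustration; the tunnelled request models a method that carries the password itself, as TTLS can with inner PAP.

```python
import hashlib
import hmac
import os

# Constructed sample account held by the stand-in Kerberos service.
KDC_USERS = {"chris": "correct horse"}

def password_hash(password: str) -> bytes:
    # Stand-in for the per-user hash that keys a challenge-response method.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def leap_like_request(user: str, password: str) -> dict:
    # The client answers a random challenge; the password never enters the request.
    challenge = os.urandom(8)
    response = hmac.new(password_hash(password), challenge, hashlib.sha256).digest()
    return {"User-Name": user, "Challenge": challenge, "Response": response}

def tunnelled_pap_request(user: str, password: str) -> dict:
    # Inner request of a tunnelled method that does carry the password.
    return {"User-Name": user, "User-Password": password}

def verify_with_stored_hash(request: dict, stored: bytes) -> bool:
    # A server that stores the user's hash can recompute and compare the response.
    expected = hmac.new(stored, request["Challenge"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, request["Response"])

def krb5_like_backend(request: dict) -> str:
    # Models a module that must hand the clear-text password to an external service.
    password = request.get("User-Password")
    if password is None:
        return "reject: no User-Password in request"
    known = KDC_USERS.get(request["User-Name"])
    if known is None:
        return "reject: unknown user"
    ok = hmac.compare_digest(known.encode(), password.encode())
    return "accept" if ok else "reject: bad password"
```

The challenge-response request verifies only against a locally stored hash, while the password-based backend can act only on the request that actually contains `User-Password`.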