Evan Vittitow wrote:
When using OpenLDAP, is there a way to make CHAP work without storing
passwords as clear text/
OpenLDAP has nothing to do with it. Crypt is one-way by its very
nature. Since CHAP crypts it on the wire, the password that RADIUS (or
any service) checks against must be in clear text because it cannot
decrypt the password that it was sent.
See this for further details:
http://deployingradius.com/documents/protocols/compatibility.html
In short, the answer is: no, secure your database.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
