Date:      Thu, 9 May 2002 16:57:37 -0700 (PDT)
From:      Archie Cobbs <archie@dellroad.org>
To:        Matthew Braithwaite <matt@braithwaite.net>
Cc:        Archie Cobbs <archie@dellroad.org>, dgilbert@velocet.ca, freebsd-net@FreeBSD.ORG
Subject:   Re: mpd-netgraph problem.
Message-ID:  <200205092357.g49Nvb204332@arch20m.dellroad.org>
In-Reply-To: <20020509164557.A28528@dogberry.braithwaite.net> "from Matthew Braithwaite at May 9, 2002 04:45:57 pm"

Matthew Braithwaite writes:
> > So that's screwy if you're doing MPPE encryption because which
> > authentication do you use to generate the MPPE keys?? Apparently
> > we are using the wrong one. In any case, we can't use the first
> > one because we'd need the yes/no response to generate MPPE keys
> > from CHAP MSOFTv2 authentication.
> 
> Let me see if I understand: a key used in CHAP authentication is also
> used for MPPE.  However, I authenticate twice, once using CHAP MSOFTv2
> and once using CHAP MSOFTv2 -- and you think mpd is choosing the MPPE
> key from the wrong one of these two authentications?

Once using MSOFTv2 and then a second time using MSOFTv1.
According to RFC 3079, you should generate the keys from
the first authentication. However, this is impossible because
your server is never completing that authentication.

> Is there a way to fix this in mpd?  According to the manual you *have*
> to use CHAP MSOFTv2 to use MPPE, so I'd think it'd be okay to
> categorically ignore -- for MPPE purposes -- any key obtained through
> a CHAP MSOFTv1 authentication.

The manual is wrong; you can generate keys from MSOFTv1 or MSOFTv2.
See RFC 3079.

> Can I force mpd to speak *only* CHAP MSOFTv2?  I don't find any such
> option in the manual, unfortunately.

No, that needs to be added...

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com
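
Added example, not part of the original message and not mpd's code: the RFC 3079 start-key derivations for MS-CHAPv1 (128-bit) and MS-CHAPv2, run side by side to show that two peers who pick different authentication exchanges as the key source end up with MPPE start keys that do not match. The function names are hypothetical and the password hash, challenge and NT-Response values are constructed.

```python
import hashlib

# Constants from RFC 3079 (MS-CHAPv2 key derivation).
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40


def _check(value, size, name):
    if len(value) != size:
        raise ValueError(f"{name} must be {size} bytes, got {len(value)}")


def v1_start_key(nt_hash_hash, challenge):
    """MS-CHAPv1, 128-bit: one start key from the 8-byte CHAP challenge."""
    _check(nt_hash_hash, 16, "nt_hash_hash")
    _check(challenge, 8, "challenge")
    return hashlib.sha1(nt_hash_hash + nt_hash_hash + challenge).digest()[:16]


def v2_master_key(nt_hash_hash, nt_response):
    """MS-CHAPv2: master key from the 24-byte NT-Response."""
    _check(nt_hash_hash, 16, "nt_hash_hash")
    _check(nt_response, 24, "nt_response")
    return hashlib.sha1(nt_hash_hash + nt_response + MAGIC1).digest()[:16]


def v2_start_key(master_key, is_send, is_server, key_len=16):
    """MS-CHAPv2: per-direction start key (send and receive differ)."""
    _check(master_key, 16, "master_key")
    magic = MAGIC3 if is_send == is_server else MAGIC2
    digest = hashlib.sha1(master_key + SHS_PAD1 + magic + SHS_PAD2).digest()
    return digest[:key_len]


# Constructed sample values, not taken from a real capture.
NT_HASH_HASH = bytes(range(16))
V1_CHALLENGE = bytes.fromhex("1122334455667788")
V2_NT_RESPONSE = bytes(range(0x40, 0x58))

if __name__ == "__main__":
    mk = v2_master_key(NT_HASH_HASH, V2_NT_RESPONSE)
    print("v1 start key      ", v1_start_key(NT_HASH_HASH, V1_CHALLENGE).hex())
    print("v2 client send key", v2_start_key(mk, True, False).hex())
    print("v2 server recv key", v2_start_key(mk, False, True).hex())
```

The code stops at the start keys; the MPPE session keys themselves come from a further step that is not shown here.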
