Date: Mon, 19 Aug 1996 22:35:45 -0700 (PDT) From: Michael Dillon <michael@memra.com> To: freebsd-isp@freebsd.org Subject: Re: newbie isp question Message-ID: <Pine.BSI.3.93.960819223122.25233V-100000@sidhe.memra.com> In-Reply-To: <321940960.a57@databus.databus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 Aug 1996, Barney Wolff wrote: > In case that was not clear, one more time: to do CHAP, *both* sides > (caller and verifier) need access to the clear-text form of the user's > password, so neither side can store it using one-way encryption, but > must use reversible encryption or none at all. That applies whether the > password is checked directly by the NAS or remotely by an auth server. > > You can't use the Unix password file to verify CHAP, whether you're > doing it locally or asking an auth server to do it. Fair enough. However RADIUS will also work with cleartext passwords in the RADIUS users file, i.e. Password=my-passwd rather than Password=UNIX, so although a specific RADIUS server may not have CHAP support it should be possible to add that support unless there are some problems with field sizes. But the best place to ask this question would be on the RADIUS mailing list hosted by Livingston and the second best place to ask it would be on the portmaster-users@livingston.com mailing list. Last I checked both lists were monitored by the people at Merit who have the most feature-laden RADIUS server around. Michael Dillon - ISP & Internet Consulting Memra Software Inc. - Fax: +1-604-546-3049 http://www.memra.com - E-mail: michael@memra.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.93.960819223122.25233V-100000>