From owner-freebsd-isp  Mon Aug 19 22:39:16 1996
Return-Path: owner-isp
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA22851
          for isp-outgoing; Mon, 19 Aug 1996 22:39:16 -0700 (PDT)
Received: from pinky.junction.net (pinky.junction.net [199.166.227.12])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id WAA22840
          for <freebsd-isp@freebsd.org>; Mon, 19 Aug 1996 22:39:13 -0700 (PDT)
Received: from sidhe.memra.com (sidhe.memra.com [199.166.227.105]) by pinky.junction.net (8.6.12/8.6.12) with ESMTP id VAA02321 for <freebsd-isp@freebsd.org>; Mon, 19 Aug 1996 21:51:42 -0700
Received: from localhost (michael@localhost) by sidhe.memra.com (8.6.12/8.6.12) with SMTP id WAA13785 for <freebsd-isp@freebsd.org>; Mon, 19 Aug 1996 22:35:46 -0700
Date: Mon, 19 Aug 1996 22:35:45 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: freebsd-isp@freebsd.org
Subject: Re: newbie isp question
In-Reply-To: <321940960.a57@databus.databus.com>
Message-ID: <Pine.BSI.3.93.960819223122.25233V-100000@sidhe.memra.com>
Organization: Memra Software Inc. - Internet consulting
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 20 Aug 1996, Barney Wolff wrote:

> In case that was not clear, one more time:  to do CHAP, *both* sides
> (caller and verifier) need access to the clear-text form of the user's
> password, so neither side can store it using one-way encryption, but
> must use reversible encryption or none at all.  That applies whether the
> password is checked directly by the NAS or remotely by an auth server.
> 
> You can't use the Unix password file to verify CHAP, whether you're
> doing it locally or asking an auth server to do it.

Fair enough. However RADIUS will also work with cleartext passwords in the
RADIUS users file, i.e. Password=my-passwd rather than Password=UNIX,
so although a specific RADIUS server may not have CHAP support it should
be possible to add that support unless there are some problems with field
sizes. 

But the best place to ask this question would be on the RADIUS mailing
list hosted by Livingston and the second best place to ask it would be on
the portmaster-users@livingston.com mailing list. Last I checked both
lists were monitored by the people at Merit who have the most
feature-laden RADIUS server around.

Michael Dillon                   -               ISP & Internet Consulting
Memra Software Inc.              -                  Fax: +1-604-546-3049
http://www.memra.com             -               E-mail: michael@memra.com