From owner-freebsd-isp  Mon Jun  8 03:50:47 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id DAA14947
          for freebsd-isp-outgoing; Mon, 8 Jun 1998 03:50:47 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from sun-test.hightek.com ([194.74.141.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA14933
          for <isp@freebsd.org>; Mon, 8 Jun 1998 03:50:34 -0700 (PDT)
          (envelope-from andreas@klemm2.hightek.com)
Received: from klemm2.hightek.com ([195.90.203.76]) by sun-test.hightek.com
          (Netscape Mail Server v1.1) with ESMTP id AAA8057;
          Mon, 8 Jun 1998 12:50:32 +0200
Received: (from andreas@localhost)
	by klemm2.hightek.com (8.8.8/8.8.8) id MAA21564;
	Mon, 8 Jun 1998 12:50:31 +0200 (CEST)
	(envelope-from andreas)
Message-ID: <19980608125031.00463@hightek.com>
Date: Mon, 8 Jun 1998 12:50:31 +0200
From: Andreas Klemm <aklemm@hightek.com>
To: IBS / Andre Oppermann <andre@pipeline.ch>
Cc: isp@FreeBSD.ORG
Subject: Re: how does PPP CHAP work ?
References: <19980608115605.21479@hightek.com> <357BB8B1.55C43D5@pipeline.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <357BB8B1.55C43D5@pipeline.ch>; from IBS / Andre Oppermann on Mon, Jun 08, 1998 at 12:10:57PM +0200
X-Operating-System: FreeBSD 2.2.6-STABLE
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Jun 08, 1998 at 12:10:57PM +0200, IBS / Andre Oppermann wrote:
> Andreas Klemm wrote:
> No. You have two problems:

Three ? ;-)

> 1. PAP passwords are in clear text
> 
> 2. CHAP is not CHAP, there is one CHAP standard and MS-CHAP
>    Please read the discussion in Brians newest userland-ppp
> 
> 3. CHAP passwords need special handling on the RADIUS server
>    (Challenge Handshake Auth Protocol)

Which special handling on the Radius Server ? Could you please
be more verbose on this ?

> > A collegue of mine claims, that it would'nt be possible, because
> > CHAP would use a two way handshake, that means, our access router
> > would have to authenticate itself with username and password on
> > the client access router.
> 
> No, that depends on your configuration.

On the access server or radius or both ?

-- 
B&K Gruppe - Wuppertal                                    <aklemm@hightek.com>
phone +49 202 7399 - 170                                 <andreas@FreeBSD.ORG>
fax   +49 202 7399 - 100                      http://www.FreeBSD.ORG/~andreas/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message