LEAP and PEAP protocols

Kris Benson kbenson at sd57.bc.ca
Fri Aug 12 21:28:33 CEST 2005


FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
August 12, 2005 at 09:04 -0800 wrote:
>LEAP is a proprietary protocol of Cisco's.   They have never published a
>spec, but it has been reverse engineered. (use Google)
>It is severely flawed.

What he said.
>
>PEAP is in an Internet Draft (v2), but what Microsoft has implemented
>(v0) and what Cisco supports(v1) are two different derivations of
>previous versions.
>You will have to do some archival spelunking to get specs that may agree
>with the implementations.

PEAP and LEAP are different beasts.

If you want the auth features of LEAP (e.g. simple username/password),
your best bet is to look at EAP-TTLS/PAP.  If you want the hashing
functions (whereby CHAP of some sort is used), PEAP will work, given the
right subtype.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)




More information about the Freeradius-Users mailing list