Using PAM to authenticate Radius auth requests with PEAP

Alan DeKok aland at ox.org
Fri Oct 14 03:04:13 CEST 2005


Joseph Silverman <yossie at laszlosystems.com> wrote:
> I can imagine that PEAP, specifically, does the password encryption  
> on the client and passes that on, using a similar but obviously not  
> the same, one way encryption algorithm, thus requiring the radius  
> server to have access to a clear text password which it would encrypt  
> with the same key and  algorithm in order to match to the one from  
> the client.

  Yes.

> If this is the case, than I can readily see how it can never (never  
> being a long time) be possible to use these sorts of passwords along  
> with UNIX encrypted passwords.  This is a darn shame, but if it is  
> indeed the case, so be it.

  Yes.

  Alan DeKok.



More information about the Freeradius-Users mailing list