Problem with secrets

Michael Lecuyer mjl at theorem.com
Wed Jul 19 16:12:18 CEST 2006


Most authentication methods don't use the secret as part of the password 
encoding and use independent information for encoding.

PAP is the only authentication method that depends on the secret.

For example, CHAP uses the password, two random numbers and MD5 to encode 
the password.

Thibault Le Meur wrote:
>>Even though the secret is incorrect the authentication can be 
>>correct. The server returns an Access-Accept. Why? The server trusts the 
>>client (it's in the accepted NAS list) and performs the authentication. 
> 
> 
> I might have missed something here, sorry in advance ;-)
> 
> Since the secret is incorrect, Freeradius won't be able to correctly decrypt
> the user-password. So authentication shouldn't be successful? (section 4.1
> of http://www.freeradius.org/faq/).
> 
> Have you got any pointer to the thread you are talking about (I haven't
> found it with a quick googling)?
> 
> Thibault
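
As an added illustration (not part of the original thread), the Python sketch below implements User-Password hiding per RFC 2865 section 5.2 and the CHAP response per RFC 1994, and checks both against a server whose shared secret differs from the NAS's. The password, secrets, Request Authenticator and challenge are constructed sample values, and `server_accepts` is a hypothetical helper, not FreeRADIUS code.

```python
import hashlib
import hmac

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: c(i) = p(i) XOR MD5(secret + c(i-1)), c(0) = Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: same keystream, derived from the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: MD5(ID + password + challenge). The shared secret is not an input."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def server_accepts(stored_pw, server_secret, authenticator, hidden=None, chap=None):
    """Hypothetical check: True if the presented PAP or CHAP credential matches."""
    if hidden is not None:
        revealed = pap_reveal(hidden, server_secret, authenticator)
        return hmac.compare_digest(revealed, stored_pw)
    chap_id, challenge, response = chap
    return hmac.compare_digest(chap_response(chap_id, stored_pw, challenge), response)

# Constructed sample values (not from the thread).
PASSWORD = b"correct horse battery"   # 21 bytes, spans two 16-byte blocks
AUTH = bytes(range(16))               # Request Authenticator
CHALLENGE = bytes(range(16, 32))      # CHAP-Challenge
NAS_SECRET, SERVER_SECRET = b"wrong-secret", b"right-secret"

if __name__ == "__main__":
    pap = pap_hide(PASSWORD, NAS_SECRET, AUTH)
    chap = (7, CHALLENGE, chap_response(7, PASSWORD, CHALLENGE))
    print("PAP accepted: ", server_accepts(PASSWORD, SERVER_SECRET, AUTH, hidden=pap))
    print("CHAP accepted:", server_accepts(PASSWORD, SERVER_SECRET, AUTH, chap=chap))
```
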




