Authentification link with PEAP + PAM + LDAP
- To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
- Subject: Authentification link with PEAP + PAM + LDAP
- From: "thomas hahusseau" <thomas.hahusseau@gmail.com>
- Date: Wed, 7 Jun 2006 14:07:08 +0200
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=BctWRj9RNhqoICg+FAtJo8IuYWY0C1OGXNl+BGgVbj5kbezaeXsUStckrcEHRTkMRZZlbK59Oqum0bDcRKTJe4SmRl4arWDX0NqB9WlEISRVgKbaB8ys6v7n2Tans8yQlc+e34FvMrk1yfBuxF4PpnoHJ3efQcFlS9msJPHADg8=
- Reply-to: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Hello,
Finally my boss is not interested in an PEAP authentication due to
password and login stocked in clear in the OpenLDAP database, and he
doesn't want to use the ntlm_auth to ask a Active Directory Server.
So I wonder if that kind of authentication is possible.
PEAP(MsCHAP) request --> Freeradius server (extract the hashed
password ) --> Authentication request sent to PAM (login + Hashed
password ) via rlm_auth ---> OpenLDAP Server ( compare hashed password
received with the one stocked in database )
PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP.
My boss only wants cipher/hashed password and login.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.