Re: Authentification link with PEAP + PAM + LDAP
On 7 Jun 2006, at 13:07, thomas hahusseau wrote:
Hello,

Finally my boss is not interested in a PEAP authentication due to
password and login stored in clear in the OpenLDAP database, and he
doesn't want to use the ntlm_auth to ask an Active Directory Server.

So I wonder if that kind of authentication is possible.

PEAP (MsCHAP) request --> Freeradius server (extract the hashed
password) --> Authentication request sent to PAM (login + hashed
password) via rlm_auth --> OpenLDAP Server (compare hashed password
received with the one stored in database)

You don't need to use PAM - in fact, I don't think it's possible.
Store your users' passwords in the NTLM hash, and authenticate
directly from FreeRADIUS to LDAP.
josh.

PAM is used as mediator to permit comparison with the hash stored in
OpenLDAP.
My boss only wants cipher/hashed password and login.

Josh Howlett, Networking Specialist, University of Bristol.
email: josh.howlett@bristol.ac.uk | phone: +44 (0)7867 907076 | internal: 7850