Re: Authentification link with PEAP + PAM + LDAP
"thomas hahusseau" <thomas.hahusseau@gmail.com> wrote:
> So I wonder if that kind of authentication is possible.
>
> PEAP(MsCHAP) request --> Freeradius server (extract the hashed
> password )
There is NO hashed password in MSCHAP. Extraction is IMPOSSIBLE.
> PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP.
PAM is not a magic solution that lets you do something FreeRADIUS
can't. PAM does a lot LESS than FreeRADIUS, in fact.
> My boss only wants cipher/hashed password and login.
As Joe said, store NT-Password in LDAP.
Alan DeKok.
This archive was generated by a fusion of
Pipermail (Mailman edition) and
MHonArc.