PHP authentication

[Arjan Sinnige]

Hi All,

I think I already know the answer but I'll ask it just the same.

I've been asked to research the possibility to link radius to an
external login server.(out of my control)

The external server needs a username and cleartext password via a php
script and will only reply 'ok' or 'fail'. It will not send back a
password or anything.
The devices we need to authenticate are numerous. From ipads, iphones,
windows phones & android to all iterations of windows (7 and onwards),
OSX & linux computers.
Most if not all of them are students user devices which cannot be
pre-configured. So it needs to work "out of the box".

Now I can get this to work easily if I authenticate against a local
LDAP server which has NTLM and local user passwd accounts. All of
these devices can do EAP-TTLS-Mschapv2 or EAP-PEAP-Mschapv2 but not
all of them do TTLS-PAP (Windows & Windows phone etc...)

It is not possible with this setup to always get a cleartext password,
or is it ?

In your valued opinion : Can it be done or should I spend my time on
advising and creating a custom capture portal for the network ?

Kind regards,

Arjan Sinnige