On Wednesday 28 November 2007 17:54, Josh Howlett wrote:
This is really interesting. I wasn't aware of a supplicant that had implemented EAP-SRP. Is there one?
josh.
No I don't know about supplicant - but pppd implements EAP-SRP-SHA1. We (here at glb.net) are using PAP over EAP-TTLS to authenticate ADSL clients. EAP-TTLS is great thing because it avoids storing clear-text passwords in database (using PAP inside the tunnel), not easily breakable and avoids client-side certs that are a pain. But unfortunately there are no client side pppd implementation for unix. At least the one I know about. And another great auth proto which is as good as PAP over EAP-TTLS is SRP-SHA1 that is supported in standard pppd. So I wrote rlm_eap_srp_sha1 to allow UNIX ADSL clients to authorize securely. Unfortunately I am the only one such client for a while :)))) Stacy.