7 Jun
2006
7 Jun
'06
8:07 a.m.
Hello, Finally my boss is not interested in an PEAP authentication due to password and login stocked in clear in the OpenLDAP database, and he doesn't want to use the ntlm_auth to ask a Active Directory Server. So I wonder if that kind of authentication is possible. PEAP(MsCHAP) request --> Freeradius server (extract the hashed password ) --> Authentication request sent to PAM (login + Hashed password ) via rlm_auth ---> OpenLDAP Server ( compare hashed password received with the one stocked in database ) PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP. My boss only wants cipher/hashed password and login.