17 Jul
2006
17 Jul
'06
9:12 a.m.
Peter de Groot wrote:
Eeeerrk....
Given that I suspect that this form of authentication is going to be popular ... I was wondering if it could be "broken out" into a test program to add to the others....
See the "eapol_test" program from the "wpa_supplicant" package. Works very well. Alternatively, since the response for a given username/password and challenge is always the same, you can just run one auth, record those, and re-use them. The obvious insecurity behind this is why the RPC call used to pass username/challenge/response must be authenticated with domain machine account credentials.