E.S. Rosenberg wrote:
Which in turn links to a nice page by Alan DeKok here: http://deployingradius.com/documents/protocols/compatibility.html
Which left me asking myself 2 questions: 1. Did anything change in the past 5 years, is there any decently supported protocol that does support hashed passwords (other then PAP)?
MD5 etc. hasn't changed in the last 5 years. So the table (and conclusions) haven't changed either.
2. How can it be that all these protocols were designed with the idea that the auth server should have a cleartext copy of the users' password, haven't we all known for years now that that's a bad idea?
Because different people have different needs. And most people don't think about RADIUS until it's too late to change their password storage method. Alan DeKok.