Hi all, I was doing some research into the authentication protocol used by a VPN solution we are trying and cam across this fairly old thread on your list: http://freeradius.1045715.n5.nabble.com/Chap-auhtentication-against-LDAP-td2... Which in turn links to a nice page by Alan DeKok here: http://deployingradius.com/documents/protocols/compatibility.html Which left me asking myself 2 questions: 1. Did anything change in the past 5 years, is there any decently supported protocol that does support hashed passwords (other then PAP)? 2. How can it be that all these protocols were designed with the idea that the auth server should have a cleartext copy of the users' password, haven't we all known for years now that that's a bad idea? Thanks in advance, Eli