"Alex Savguira" <savguira@gmail.com> wrote:
OK, I understood your point, but would you be so kind to explain WHY do you think it is such a bad idea
As I said before: it gains you nothing but additional complexity. It's completely unnecessary.
none of the network technitians on-site can abuse user's passwords since they are encrypted and supposedly beyound their cracking abilities, and both PAP and MS-CHAP should work... OK, again, it doesn't work NOW, but why shouldn't it? What's so evil about this configuration?
Nothing is evil. It just makes your life more difficult, and gains you *nothing*.
Btw, in freeradius FAQ you, guys, claim, that PAP is better than CHAP because it allows storing passwords in encrypted form. I kinda agree with that... Why do you now claim that storing in clear text is better?
If your requirement is to do MS-CHAP, you need either the clear-text passwords, or the NT hash.
Ok, it is less headache for me, but what about privacy rights of my users?
That's up to you and your local legal situation. FreeRADIUS has to work in countries other than where you live, where laws are different. Alan DeKok.