Phil Mayers wrote:
On Mon, 2007-07-09 at 22:44 +0100, Arran Cudbard-Bell wrote:
Alan DeKok wrote:
Johan wrote:
I'm wondering if it's possible to authenticate a user who is using mschap authentication with perl.
Sure. Just re-write all of the MS-CHAP authentication protocol in rlm_mschap in Perl.
But why the heck would you want to do that?
You know i've been thinking of doing that in PHP (PHP Based supplicant for weblogin via RADIUS), i'm sure it's possible... and it would be of some benefit, just the RFC makes my head hurt... one of the few times I've regreted not studying computer science. *sigh* something to do with hashing the nt hash using different sha functions.
I suggested this to a BlueSocket rep after my 802.1x talk at NetworkShop 2006 (I think...) to get over the problems of PAP on eduroam - but my suggestion went further and was to do it in JavaScript on the browser, have the server simply act as a relay.
I imagine that'd be even trickier. I got about an hour into coding it and lost the will to live...
Trying to code an MSCHAP client in JS thats just insane ?! But kudos for trying. It appears that there is actually a wrapper class in the pecl repository to do PAP , ChapMD5, MSChapV1 MSChapV2. You'd need the Radius extension installed, though that too can be downloaded from pecl. What exactly was the issue with doing PAP over Eduroam ? Was it people being afraid of passing weakly encrypted passphrases around the interweb, or home sites just not bothering to implement PAP on their Radius servers ?