Am 26.05.2008 um 15:41 schrieb Matt Ashfield:
Hi,
We’re looking into using PEAP with MSChapV2, instead of PAP (don’t want to use the SecureW2 client anymore) so are investigating ways to store the password in LDAP.
According to http://deployingradius.com/documents/protocols/ compatibility.html ,the options are storing the password in Clear- Text or in an NT Hash (ntlm_auth).
In talking with our LDAP people, I was told the following:
SunOne does not support nt-hash passwords. Supported formats are CLEAR, CRYPT, DES, NS-MTA-MD5 (Netscape MD5), SHA, and SSHA.
Fedora Directory Server 1.1.0 supports CLEAR, CRYPT, DES, MD5, NS- MTA-MD5, SHA, SHA256, SHA384, SHA512, SSHA, SSHA256, SSHA384, and SSHA512.
It sounds to me like if we want to do PEAP/MSChapV2 we’d have to store the password in cleartext? I would just like to verify this via this list.
Yes, not any of the formats is NT Hash. (NT Hash is the MD4 hash of the UTF-16LE encoding of the password.)
Any advice is appreciated.
Thanks
Have a nice day!
Matt
mda@unb.ca
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841