29 Jan
2007
29 Jan
'07
8:03 a.m.
Hi,
I'm stuck trying to work out how to avoid sending the password unhashed to the server and think that some form of CHAP/MSCHAPv2 might be the right way to go. My current thoughts are that I should use PAP with SHA1 or SSHA1 but I seem to get the right config (if it is even possible).
MSCHAPv2 is the main way to go. offering challenge/response means the password is never sent clear. alternatively you could use MD5 instead of plain. but client support is an issue... alan