PAM, ms-chap and shadow passwords
I understand that radius authenticating ppp (PPTP in this case) connections against shadow passwords requires cleartext authentication (PAP). Does PAM allow you to work around this? From reading what I can find on PAM, it would seem that FreeRADIUS would pass off the authentication request to PAM and PAM could then take care of the crypt/decrypt, thus allowing CHAP or MSCHAP client authentication against shadow passwords. Is this correct? TIA, James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am =========================================================================
Am 09.06.2008 um 17:58 schrieb up@3.am:
I understand that radius authenticating ppp (PPTP in this case) connections against shadow passwords requires cleartext authentication (PAP).
Does PAM allow you to work around this? From reading what I can find on PAM, it would seem that FreeRADIUS would pass off the authentication request to PAM and PAM could then take care of the crypt/decrypt, thus allowing CHAP or MSCHAP client authentication against shadow passwords.
PAM cannot do anything more. The problem is that shadow passwords are hashed in one way, MS-CHAP hashes another way. So the hashes are incompatibles and you cannot decode hashes; that is why there are made for. (There is no "decrypt" for this reason.) One possible way is to check again Samba passwords if it is something possible for you to have.
Is this correct?
No. sorry.
TIA,
Have a nice day!
James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ====================================================================== === - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
participants (2)
-
Nicolas Goutte -
up@3.am