Hi, Is it possible to authenticate a client with PEAP-MSCHAPv2 when I store the password in a MySQL database as SHA512 hash. Or is there another way to authenticate the client? The password should be stored as SHA512 hash. The client supports EAP-TLS, EAP-TTLS, LEAP and PEAPĀ and for phase 2: PEAP-MSCHAPv2 and PEAP-TLS or EAP-TTLS with CHAP, MSCHAP, MSCHAPv2, PAP and MD5 regards Lukas
On Aug 24, 2018, at 1:42 AM, Lukas Nuth <l.nuth@ostfalia.de> wrote:
Is it possible to authenticate a client with PEAP-MSCHAPv2 when I store the password in a MySQL database as SHA512 hash.
No. http://deployingradius.com/documents/protocols/compatibility.html
Or is there another way to authenticate the client? The password should be stored as SHA512 hash.
TTLS with embedded PAP. That's it.
The client supports EAP-TLS, EAP-TTLS, LEAP and PEAP and for phase 2: PEAP-MSCHAPv2 and PEAP-TLS or EAP-TTLS with CHAP, MSCHAP, MSCHAPv2, PAP and MD5
Don't use LEAP for anything. It's insecure. Alan DeKok.
participants (2)
-
Alan DeKok -
Lukas Nuth