EAP SRP-SHA1 support

Stacy stacy at glb.net
Wed Nov 28 15:47:10 CET 2007

On Wednesday 28 November 2007 17:54, Josh Howlett wrote:
> This is really interesting. I wasn't aware of a supplicant that had
> implemented EAP-SRP. Is there one?
> josh.

No I don't know about supplicant - but pppd implements EAP-SRP-SHA1. We (here 
at glb.net) are using PAP over EAP-TTLS to authenticate ADSL clients. 
EAP-TTLS is great thing because it avoids storing clear-text passwords in 
database (using PAP inside the tunnel), not easily breakable and avoids 
client-side certs that are a pain. But unfortunately there are no client side 
pppd implementation for unix. At least the one I know about. And another 
great auth proto which is as good as PAP over EAP-TTLS is SRP-SHA1 that is 
supported in standard pppd. So I wrote rlm_eap_srp_sha1 to allow UNIX ADSL 
clients to authorize securely. Unfortunately I am the only one such client 
for a while :))))


More information about the Freeradius-Devel mailing list