EAP SRP-SHA1 support
Stacy
stacy at glb.net
Wed Nov 28 15:47:10 CET 2007
On Wednesday 28 November 2007 17:54, Josh Howlett wrote:
> This is really interesting. I wasn't aware of a supplicant that had
> implemented EAP-SRP. Is there one?
>
> josh.
>
No, I don't know about a supplicant - but pppd implements EAP-SRP-SHA1. We (here
at glb.net) are using PAP over EAP-TTLS to authenticate ADSL clients.
EAP-TTLS is a great thing because it avoids storing clear-text passwords in
the database (using PAP inside the tunnel), is not easily breakable and avoids
client-side certs, which are a pain. But unfortunately there is no client-side
pppd implementation for Unix. At least none that I know about. And another
great auth proto which is as good as PAP over EAP-TTLS is SRP-SHA1, which is
supported in standard pppd. So I wrote rlm_eap_srp_sha1 to allow UNIX ADSL
clients to authorize securely. Unfortunately I am the only such client
for a while :))))
Stacy.