Does freeradius-client library support CHAP protocol?

Tarkshya tarkshya at gmail.com
Tue Mar 17 18:59:18 CET 2009


Hi all,

I was trying to figure out whether CHAP protocol is supported by
freeradius-client library or not. I am reaching two contradictory
conclusions using my own dubious analysis. Hence the request for help.

If my understanding is correct, (and I might be totally wrong here),
then the PAP protocol sends the user passwords in clear text over the
wire. On the other hand, CHAP protocol uses a shared secret between
the client and server to encrypt the passwords being sent over the
wire.

Since I do see the use of shared secret in freeradius-client library
configuration file, I assume that the library does support CHAP.
However, in the source code of the library, I notice that the section
doing the CHAP processing is turned off using the #if 0 directive.
Meaning CHAP is not being used.

What gives?

Also, after wading through the archives of this mailing list, I came
across the post of one user who had asked exactly the same question,
that is to say, whether CHAP is supported or not. The answer he got
was that, "at this stage, better not use CHAP". This is an ambiguous
reply as far as I am concerned because it evades a direct answer.

Please reply

Tarkshya



More information about the Freeradius-Devel mailing list