LEAP and PEAP protocols
Kris Benson
kbenson at sd57.bc.ca
Fri Aug 12 21:28:33 CEST 2005
FreeRadius users mailing list <freeradius-users at lists.freeradius.org> on
August 12, 2005 at 09:04 -0800 wrote:
>LEAP is a proprietary protocol of Cisco's. They have never published a
>spec, but it has been reverse engineered. (use Google)
>It is severely flawed.
What he said.
>
>PEAP is in an Internet Draft (v2), but what Microsoft has implemented
>(v0) and what Cisco supports(v1) are two different derivations of
>previous versions.
>You will have to do some archival spelunking to get specs that may agree
>with the implementations.
PEAP and LEAP are different beasts.
If you want the auth features of LEAP (e.g. simple username/password),
your best bet is to look at EAP-TTLS/PAP. If you want the hashing
functions (whereby CHAP of some sort is used), PEAP will work, given the
right subtype.
-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)
More information about the Freeradius-Users
mailing list