Authentication succeeds even with incorrect shared secret.

Alan DeKok aland at ox.org
Fri Sep 2 17:07:34 CEST 2005


"Sayantan Bhowmick" <sbhowmick at novell.com> wrote:
> So if I understand correctly, in the case of authentication methods like
> CHAP, the client does NOT SEND ANYTHING SIGNED with the "shared secret",
> and as such the RADIUS server CANNOT verify whether the client has the
> proper shared secret. In this case it is the client's job to verify the
> server's reply. Am I correct?

  Yes.

  Alan DeKok.
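
The behaviour confirmed above, as an added example that is not part of the original thread or of FreeRADIUS: a CHAP Access-Request is built without the shared secret, and only the client's check of the reply's Response Authenticator (RFC 2865 formula) reveals a mismatch. All names, secrets and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
USER_NAME, CHAP_PASSWORD = 1, 3          # RFC 2865 attribute types

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_chap_request(pkt_id, user, password, request_auth):
    """Access-Request using CHAP. Note: no shared-secret parameter at all."""
    chap_ident = bytes([pkt_id])
    # With no CHAP-Challenge attribute, the Request Authenticator is the challenge.
    chap_hash = hashlib.md5(chap_ident + password + request_auth).digest()
    attrs = attr(USER_NAME, user) + attr(CHAP_PASSWORD, chap_ident + chap_hash)
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs))
    return header + request_auth + attrs

def build_reply(code, pkt_id, request_auth, attrs, secret):
    """Server: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, pkt_id, 20 + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs

def verify_reply(reply, pkt_id, request_auth, secret):
    """Client: recompute the Response Authenticator with the client's own secret."""
    if len(reply) < 20:
        return False
    _code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != pkt_id or not 20 <= length <= len(reply):
        return False
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def demo():
    request_auth = os.urandom(16)
    request = build_chap_request(7, b"alice", b"user-password", request_auth)
    # The server can check only the CHAP hash in `request`, so it accepts
    # and signs the reply with ITS secret (constructed value).
    reply = build_reply(ACCESS_ACCEPT, 7, request_auth, b"", b"server-secret")
    return (verify_reply(reply, 7, request_auth, b"server-secret"),
            verify_reply(reply, 7, request_auth, b"wrong-secret"))

if __name__ == "__main__":
    print(demo())
```

A client that skips `verify_reply` treats the Access-Accept as valid whatever secret it is configured with, which is the symptom in the subject line.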


