CHAP and Windows 2003 AD LDAP

[Alan DeKok]

Josh Howlett <josh.howlett at bristol.ac.uk> wrote:
> Any idea how IAS gets hold of it for CHAP?

  IAS is incestuous with the rest of the Microsoft world.  But even
IAS can't do CHAP unless the "use reversible encryption" is set in AD.

  Once that's set, IAS uses magic secret bloated RPC calls to connect
to AD, and get the password.  The Samba guys are working on reverse
engineering the protocol, but they're not done yet.

  Alan DeKok.