802.1x with mschap-radius-ldap with ssha-1 passwords
Stefan Winter
stefan.winter at restena.lu
Tue Jul 18 14:54:15 CEST 2006
Hi,
> I guess the obvious question is why can't the Radius server simply perform
> a bind attempt to the LDAP server during authentication, as opposed to
> trying to compare the password received by the authenticator to the ssha-1
> password stored in ldap?
I guess the obvious answer is that it can only bind if it has the user's
password. When using MS-CHAP the password is already hashed when the server
gets it, so how could he possibly perform the bind operation?
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060718/e4f8a532/attachment.pgp>
More information about the Freeradius-Users
mailing list