Problem with secrets
Michael Lecuyer
mjl at theorem.com
Wed Jul 19 16:12:18 CEST 2006
Most authentication methods don't use the secret as part of the password
encoding and use independent information for encoding.
PAP is the only authentication method that depends on the secret.
For example CHAP uses the password, two random numbers and MD5 to encode
the password.
Thibault Le Meur wrote:
>>Even though the secret is incorrect the authentication can be
>>correct. The server returns an Access-Accept. Why? The server trusts the
>>client (it's in the accepted NAS list) and performs the authentication.
>
>
> I might have missed something here, sorry in advance ;-)
>
> Since the secret is incorrect, Freeradius won't be able to correctly decrypt
> the user-password. So authentication shouldn't be successful ? (section 4.1
> of http://www.freeradius.org/faq/).
>
> Have you got any pointer to the thread you are talking about (I haven't
> found it with a quick googling) ?
>
> Thibault
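
Added illustration of the point made in this message (not part of the original post and not FreeRADIUS code): the RFC 2865 User-Password hiding and CHAP response calculations in Python, showing that only the former takes the shared secret as an input. The password, secrets and CHAP ID are constructed sample values.

```python
import hashlib
import os

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: how the NAS hides User-Password."""
    n = max(1, -(-len(password) // 16)) * 16      # pad to a multiple of 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev                                # previous ciphertext chains on
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 section 5.3: MD5(CHAP ID + password + challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def demo():
    """NAS and server hold different secrets; compare PAP and CHAP outcomes."""
    password = b"correct horse battery"            # constructed sample value
    nas_secret, server_secret = b"nas-typo", b"server-secret"
    request_auth = os.urandom(16)
    hidden = pap_hide(password, nas_secret, request_auth)
    pap_ok = pap_recover(hidden, server_secret, request_auth) == password
    # CHAP: the server recomputes the digest from its stored password only.
    chap_id, challenge = 7, os.urandom(16)
    sent = chap_response(chap_id, password, challenge)
    chap_ok = sent == chap_response(chap_id, password, challenge)
    return pap_ok, chap_ok

if __name__ == "__main__":
    print("PAP verifies: %s, CHAP verifies: %s" % demo())
```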