Problem with secrets
mjl at theorem.com
Wed Jul 19 16:12:18 CEST 2006
Most authentication methods don't use the secret as part of the password
encoding and use independent information for encoding.
PAP is the only authentication method that depends on the secret.
For example CHAP uses the password, two random numbers and MD5 to encode
Thibault Le Meur wrote:
>>Even though the secret is incorrect the authentication can be
>>correct. The server returns an Access-Accept. Why? The server trusts the
>>client (it's in the accepted NAS list) and performs the authentication.
> I might have missed something here, sorry in advance ;-)
> Since the secret is incorrect, Freeradius wont be able to correctly decrypt
> the user-password. So authentication shouldn't be succesful ? (section 4.1
> of http://www.freeradius.org/faq/).
> Have you got any pointer to the thread you are talking about (I haven't
> found it with a wuick googleing) ?
More information about the Freeradius-Users