Authentification link with PEAP + PAM + LDAP
Alan DeKok
aland at nitros9.org
Wed Jun 7 16:48:10 CEST 2006
"thomas hahusseau" <thomas.hahusseau at gmail.com> wrote:
> So I wonder if that kind of authentication is possible.
>
> PEAP(MsCHAP) request --> Freeradius server (extract the hashed
> password )
There is NO hashed password in MSCHAP. Extraction is IMPOSSIBLE.
> PAM is used as mediator to permit comparason with hashed stocked in OpenLDAP.
PAM is not a magic solution that lets you do something FreeRADIUS
can't. PAM does a lot LESS than FreeRADIUS, in fact.
> My boss only wants cipher/hashed password and login.
As Joe said, store NT-Password in LDAP.
Alan DeKok.
More information about the Freeradius-Users
mailing list