CHAP with crypt

Dennis Skinner dskinner at
Sat Jan 13 08:00:48 CET 2007

Evan Vittitow wrote:
> When using OpenLDAP, is there a way to make CHAP work without storing
> passwords as clear text/

OpenLDAP has nothing to do with it.  Crypt is one-way by its very
nature.  Since CHAP crypts it on the wire, the password that RADIUS (or
any service) checks against must be in clear text because it cannot
decrypt the password that it was sent.

See this for further details:

In short, the answer is: no, secure your database.

Dennis Skinner
Systems Administrator
BlueFrog Internet

More information about the Freeradius-Users mailing list