CHAP with crypt
Dennis Skinner
dskinner at bluefrog.com
Sat Jan 13 08:00:48 CET 2007
Evan Vittitow wrote:
> When using OpenLDAP, is there a way to make CHAP work without storing
> passwords as clear text/
OpenLDAP has nothing to do with it. Crypt is one-way by its very
nature. Since CHAP crypts it on the wire, the password that RADIUS (or
any service) checks against must be in clear text because it cannot
decrypt the password that it was sent.
See this for further details:
http://deployingradius.com/documents/protocols/compatibility.html
In short, the answer is: no, secure your database.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
More information about the Freeradius-Users
mailing list