EAP-TTLS inner auth methods for 802.1x
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jan 29 14:03:21 CET 2007
Hi,
> I'm stuck trying to work out how to avoid sending the password
> unhashed to the server and think that some form of CHAP/MSCHAPv2
> might be the right way to go. My current thoughts are that I should
> use PAP with SHA1 or SSHA1 but I seem to get the right config (if it
> is even possible).
MSCHAPv2 is the main way to go. offering challenge/response means
the password is never sent clear. alternatively you could use
MD5 instead of plain. but client support is an issue...
alan
More information about the Freeradius-Users
mailing list