setup question : mschap + perl authentication
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Tue Jul 10 11:05:00 CEST 2007
Phil Mayers wrote:
> On Mon, 2007-07-09 at 22:44 +0100, Arran Cudbard-Bell wrote:
>
>> Alan DeKok wrote:
>>
>>> Johan wrote:
>>>
>>>
>>>> I'm wondering if it's possible to authenticate a user who is using
>>>> mschap authentication with perl.
>>>>
>>>>
>>> Sure. Just re-write all of the MS-CHAP authentication protocol in
>>> rlm_mschap in Perl.
>>>
>>> But why the heck would you want to do that?
>>>
>>>
>>>
>> You know i've been thinking of doing that in PHP (PHP Based supplicant
>> for weblogin via RADIUS), i'm sure it's possible... and it would be of
>> some benefit, just the RFC makes my head hurt... one of the few times
>> I've regreted not studying computer science. *sigh* something to do
>> with hashing the nt hash using different sha functions.
>>
>
> I suggested this to a BlueSocket rep after my 802.1x talk at NetworkShop
> 2006 (I think...) to get over the problems of PAP on eduroam - but my
> suggestion went further and was to do it in JavaScript on the browser,
> have the server simply act as a relay.
>
> I imagine that'd be even trickier. I got about an hour into coding it
> and lost the will to live...
>
Trying to code an MSCHAP client in JS thats just insane ?! But kudos for
trying.
It appears that there is actually a wrapper class in the pecl repository
to do PAP , ChapMD5, MSChapV1 MSChapV2. You'd need the Radius extension
installed, though that too can be downloaded from pecl.
What exactly was the issue with doing PAP over Eduroam ? Was it people
being afraid of passing weakly encrypted passphrases around the
interweb, or home sites just not bothering to implement PAP on their
Radius servers ?
More information about the Freeradius-Users
mailing list