PAM, ms-chap and shadow passwords
Nicolas Goutte
nicolas.goutte at extragroup.de
Mon Jun 9 18:16:00 CEST 2008
Am 09.06.2008 um 17:58 schrieb up at 3.am:
>
> I understand that radius authenticating ppp (PPTP in this case)
> connections against shadow passwords requires cleartext
> authentication (PAP).
>
> Does PAM allow you to work around this? From reading what I can
> find on PAM, it would seem that FreeRADIUS would pass off the
> authentication request to PAM and PAM could then take care of the
> crypt/decrypt, thus allowing CHAP or MSCHAP client authentication
> against shadow passwords.
PAM cannot do anything more.
The problem is that shadow passwords are hashed in one way, MS-CHAP
hashes another way. So the hashes are incompatibles and you cannot
decode hashes; that is why there are made for. (There is no "decrypt"
for this reason.)
One possible way is to check again Samba passwords if it is something
possible for you to have.
>
> Is this correct?
No. sorry.
>
> TIA,
Have a nice day!
>
> James Smallacombe PlantageNet, Inc. CEO and Janitor
> up at 3.am http://3.am
> ======================================================================
> ===
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> users.html
Nicolas Goutte
extragroup GmbH - Karlsruhe
Waldstr. 49
76133 Karlsruhe
Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle
Registergericht: Amtsgericht Münster / HRB: 5624
Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
More information about the Freeradius-Users
mailing list