Authentication protocols that DO support hashed passwords

E.S. Rosenberg esr+freeradius-users at mail.hebrew.edu
Mon Nov 10 20:01:25 CET 2014


Hi all,
I was doing some research into the authentication protocol used by a
VPN solution we are trying and cam across this fairly old thread on
your list:
http://freeradius.1045715.n5.nabble.com/Chap-auhtentication-against-LDAP-td2781170.html

Which in turn links to a nice page by Alan DeKok here:
http://deployingradius.com/documents/protocols/compatibility.html

Which left me asking myself 2 questions:
1. Did anything change in the past 5 years, is there any decently
supported protocol that does support hashed passwords (other then
PAP)?
2. How can it be that all these protocols were designed with the idea
that the auth server should have a cleartext copy of the users'
password, haven't we all known for years now that that's a bad idea?

Thanks in advance,
Eli


More information about the Freeradius-Users mailing list