authenticate against SHA2 hash in EAP-MSCHAPv2

Fajar A. Nugraha list at
Thu Mar 1 10:52:49 CET 2018

On Thu, Mar 1, 2018 at 3:32 PM, Volodymyr Litovka < at> wrote:
> Hi again, colleagues,
> please correct me, if I'm wrong.
> When using mschapv2, user sends his password in cleartext and FreeRadius
> compares it to one stored in, e.g., "users":

As Stefan wrote, that is not the case with mschapv2. radius server
never recieve cleartext password from clients in this case.

You can get cleartext password from clients if they use pap,
eap-ttls-pap, or peap-gtc.


More information about the Freeradius-Users mailing list