freeradius 3.2.1 on debian 12.9 + LDAP
Martin Pauly
pauly at hrz.uni-marburg.de
Tue Mar 11 16:16:07 UTC 2025
Am 07.03.25 um 13:46 schrieb Alan DeKok:
> If people tell you that MS-CHAP is more secure because "it doesn't send passwords in clear-text", they're either incompetent or lying. PAP is pretty much always better than CHAP or MS-CHAP.
Agreed. In real life,it turns out that, as a remainder of the MS monopoly,
_all_ vendors of WiFi clients MUST support and test MS-CHAPv2 properly to
survive commercially -- counterexamples welcome :-)
They MAY support PAP in addition. With a server side not speaking MS-CHAPv2,
odds are your life gets harder, especially if you're running a BYOD service.
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4478 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20250311/6a4c368a/attachment.bin>
More information about the Freeradius-Users
mailing list