freeradius 3.2.1 on debian 12.9 + LDAP

Martin Pauly pauly at hrz.uni-marburg.de
Tue Mar 11 16:16:07 UTC 2025


Am 07.03.25 um 13:46 schrieb Alan DeKok:
>   If people tell you that MS-CHAP is more secure because "it doesn't send passwords in clear-text", they're either incompetent or lying.  PAP is pretty much always better than CHAP or MS-CHAP.
Agreed. In real life,it turns out that, as a remainder of the MS monopoly,
_all_ vendors of WiFi clients MUST support and test MS-CHAPv2 properly to
survive commercially -- counterexamples welcome :-)
They MAY support PAP in addition. With a server side not speaking MS-CHAPv2,
odds are your life gets harder, especially if you're running a BYOD service.

Cheers, Martin

-- 
   Dr. Martin Pauly     Phone:  +49-6421-28-23527
   HRZ Univ. Marburg    Fax:    +49-6421-28-26994
   Hans-Meerwein-Str.   E-Mail: pauly at HRZ.Uni-Marburg.DE
   D-35032 Marburg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4478 bytes
Desc: Kryptografische S/MIME-Signatur
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20250311/6a4c368a/attachment.bin>


More information about the Freeradius-Users mailing list