Hello Stephen -
On Fri, 10 Mar 2000, Felicetti, Stephen A. wrote:
> Hey guys...
>
> I have a Cisco AS5300 authenicating users against LDAP via Radiator.
> Works like a charm when using PAP on the
> Cisco. Management is concerned about a plain text password being sent
> between the Cisco and Radiator. When I attempt
> to use CHAP, radiator rejects the Access-Request, saying that it's a bad
> password. I've read in the docu that CHAP will
> not work when using encrypted passwords (which is what I have in LDAP), but
> what about between the Cisco and the Radius server? I'm fairly sure that it
> is being sent as plain text. Is there anyway to encrypt that?
>
The password is always encrypted. Its just that with PAP the radius server can
reverse the encryption (with MD5 and the shared secret) - then it can do
whatever additional encryption is required to compare with the encrypted
password stored in the database.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
