Ascend Archive

(ASCEND) user passwords in radius file (fwd)



Once upon a time s.lux@obi.de shaped the electrons to say...
>Is there a way to encrypt the passwords in the radius users file?

Depends on the RADIUS server being used.  Lucent's current does.

>I know the possibility of getting the passwords from the unix passwd file,
>but I have heard that this does not work together with
>CHAP authentication. Is this true and if so, what is the reason?

Because CHAP can't use encrypted passwords - period.  It doesn't matter
if they are in the UNIX system or encrypted in the RADIUS file.  CHAP
*mandates* a cleartext password be available for generation of the CHAP
token that is exchanged.

This is the main reason why so few sites bother with CHAP.  Personally
I see CHAP as a greater security risk than PAP.  CHAP protects the
password on the PPP link.  BFD - who is likely to run a wiretap?  But
PAP allows you to store passwords encrypted.  And you're much more
likely to experience attacks on the host than on the phone line.

-MZ
-- 
<URL:mailto:megazone@megazone.org> Gweep, author, webmaster, human being, me
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
<URL:mailto:megazone@gweep.net> <URL:http://www.megazone.org/> Hail Discordia!
++ Ascend Users Mailing List ++
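The constraint described in the reply above, as an added example that is not part of the original post: the CHAP response defined in RFC 1994 is MD5 over the identifier, the shared secret and the challenge, so a server that holds only a one-way hash of the password cannot recompute it, while PAP verification against a hashed store works. PBKDF2 is an assumed stand-in for whatever one-way scheme the users file or UNIX passwd file uses, and all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge value)
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def one_way(password: bytes, salt: bytes) -> bytes:
    # Assumption: PBKDF2 stands in for the server's one-way password scheme
    return hashlib.pbkdf2_hmac("sha256", password, salt, 50_000)

def verify_pap(presented: bytes, salt: bytes, stored_hash: bytes) -> bool:
    # PAP delivers the password itself, so the server can hash and compare
    return hmac.compare_digest(one_way(presented, salt), stored_hash)

def verify_chap(ident: int, challenge: bytes, response: bytes, stored: bytes) -> bool:
    # CHAP delivers only a digest; the server must recompute it from `stored`
    return hmac.compare_digest(chap_response(ident, stored, challenge), response)

def demo() -> dict:
    password = b"constructed-example-password"   # constructed sample value
    salt = os.urandom(16)
    stored_hash = one_way(password, salt)         # what a hashed users file holds
    ident, challenge = 7, os.urandom(16)          # server-chosen per attempt
    response = chap_response(ident, password, challenge)  # computed by the peer
    return {
        "pap_with_hashed_store": verify_pap(password, salt, stored_hash),
        "pap_wrong_password": verify_pap(b"wrong", salt, stored_hash),
        "chap_with_cleartext_store": verify_chap(ident, challenge, response, password),
        # Only the hash is on file: the recomputed digest cannot match
        "chap_with_hashed_store": verify_chap(ident, challenge, response, stored_hash),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```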