[pptp-server] PoPToP and Authentication Questions
Adam Williams
adam at morrison-ind.com
Tue Mar 14 12:50:15 CST 2000
From : lists>pptp-server-admin
To : adam
Subject : Re: [pptp-server] PoPToP and Authentication Questions
Date : 01/01/70 01:01
>>>missed? Regardless of the answer, can someone provide me with a link to
>>>documentation detailing the setup of such a scenario? Thanks
>>Authentication is actually handled by PPP. PPP supports PAM if you use PAP
>>authentication, which means no encryption. With PAM you can authenticate
>>against anything you want. With CHAP you must maintain a hideous secrets
>>file on the PPP server, because you don't have the password you can't auth
>>against something like PAM. A couple of people are pondering this dilemma,
>>but I haven't seen anything come through. I am also eagerly awaiting this
>>feature (I want to auth with PAM against an LDAP server). I'll buy pizza
>>for anyone who can provide a patch to let me CHAP against PAM.
>Interesting... The pizza that is :).
Hey, I'm serious.
>Since one needs that password to CHAPinate, would you care if it was bare
>text stored ACL'd on the LDAP server?
I suppose if I don't have a choice, then I don't have one, but I'm not too
excited about storing a plain text password. Is it possible to CHAPinate
first, and store the chapination?
>I've had it working this way against ICRadius, but never completed that
>project. It was quite an ugly hack at best, but the underlying pain in
>the neck was that to make the CHAP compares work, you start with the plain
>text password and go forward, not take an MD5, etc... password and work
>any other way.
Yep, I realize this and am curious how NT gets around this problem? Certainly
they don't store the plain text password?
>Possibly I missed the obvious solution, but that was the problem as I saw
>it and went onward using clear passwords.
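
Added example, not part of the original thread and not PoPToP or pppd code: a sketch of the RFC 1994 CHAP-MD5 computation showing why the server needs the cleartext secret, and why a response computed once cannot be stored and reused. The password value and the use of plain MD5 as a stand-in for a PAM/LDAP-style one-way hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_with_cleartext(ident, secret, challenge, response) -> bool:
    """What a secrets-file server does: recompute from the cleartext secret."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def verify_with_stored_hash(ident, stored_hash, challenge, response) -> bool:
    """Server holds only a one-way hash of the password. The best it can do
    is feed that hash in as the secret, which does not match what the peer
    computed from the real password."""
    return hmac.compare_digest(chap_response(ident, stored_hash, challenge), response)


def demo() -> dict:
    password = b"constructed-example-password"    # constructed sample value
    stored_hash = hashlib.md5(password).digest()  # stand-in for a one-way hash (assumption)

    # Session 1: server sends a fresh random challenge, peer answers.
    ident1, chal1 = 1, os.urandom(16)
    resp1 = chap_response(ident1, password, chal1)

    # Session 2: new identifier and new challenge, so a new response.
    ident2, chal2 = 2, os.urandom(16)
    resp2 = chap_response(ident2, password, chal2)

    return {
        # Cleartext secret on the server: verification succeeds.
        "cleartext_ok": verify_with_cleartext(ident1, password, chal1, resp1),
        # Only a hash on the server: the same valid response is rejected.
        "hash_only_ok": verify_with_stored_hash(ident1, stored_hash, chal1, resp1),
        # A response stored from session 1 does not match session 2.
        "stored_response_reusable": hmac.compare_digest(resp1, resp2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
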