[pptp-server] Re:LDAP/PAM for authentication
Neale Banks
neale at lowendale.com.au
Thu Mar 30 16:09:22 CST 2000
On Thu, 30 Mar 2000, Scott M. Stone wrote:
> On Thu, 30 Mar 2000, Daniell Freed wrote:
>
> > Thanks I appreciate the info. For the moment I guess they will just
> > have to use 1 more password.
>
> why not use radius?
'coz RADIUS, LDAP etc are all PAM modules and PAM-ified PPP can only
authenticate PAP (i.e. not CHAP or MS-perversions thereof). AFAIK, the
issue is that the CHAP algorithm requires access to the cleartext of the
password but PAM specifically does not pass this back (think of it as a
security feature ;-).
This issue has been tossed around a few times before and there was (is
still? ;-) an offer of a Pizza for someone who could come up with the
diffs to make this work.
e.g. look at the "PoPToP and Authentication Questions" thread in the March
archives.
HTH,
Neale.
More information about the pptp-server
mailing list