[pptp-server] IAS / RADIUS
Steve Langasek
vorlon at netexpress.net
Fri Nov 30 10:50:21 CST 2001
On Thu, Nov 29, 2001 at 10:15:04PM -0800, Steve Jorgensen wrote:
> Thanks for the reply. Now I'll probably make a fool of myself by
> speculating about things I know very little about.
> Trying, in my mind, to expand upon what you said, I'm guessing that the
> reason PPP(TP) authentication through RADIUS does not now do MS-CHAP, et
> al, even if the RADIUS server can do it for you is that the interface to
> RADIUS is through something like PAM and is a plain-text only API? If I
> guessed that right, it seems like a direct like to RADIUS would be nice
> because it would allow for any kind of password hashing the RADIUS server
> knows even if it is newer than the implementation of PPTP, be it a
> Microsoft thing, some new Cisco thing, or whatever. Another thought would
> be to enhance PAM itself to provide more complete access to extra
> functionality of RADIUS.
pppd actually doesn't use PAM at all for this, by default; PAM is a very
bad fit for pppd, so the upstream source includes its own module API
that provides hooks for other /PAP/ authenticators. I'm working on
adding hooks for CHAP authenticators, and I have a CHAP module working
that authenticates against RADIUS, but it's all very kludgy right now.
I'm still struggling with getting MS-CHAP done right on the wire against
freeradius (which already supports it) before trying to implement
MS-CHAPv2 on both ends.
Cheers,
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.schulte.org/mailman/private/pptp-server/attachments/20011130/0c3c98a6/attachment.bin>
More information about the pptp-server
mailing list