Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) PAP and CHAP with TNT
Oliver Stettner wrote:
> Jim Williams wrote:
>
> > The problem with CHAP is that we have 9000 subscribers and have been doing
> > PAP from day one with shadow passwords...ALL passwords are currently
> > encrypted so putting them in a users file will take months to try to
> > capture the passwords on top of which having a file full of plain text ids
> > and passwords is somewhat of a security risk...that was the whole reason
> > behind shadow passwords and encryption on /etc/passwd.
>
> So if I got that right, the TNTs are not administered by you but by
> UUnet. The UUnet TNTs contact your RADIUS server for authentication.
> UUnets TNT do chap and pap. And you have encrypted passwords on your
> radius servers.
>
> In that case I guess you have no possibilty. At least non I know of. :-(
What happens if your Radius server includes in its response:
ATTRIBUTE Ascend-Send-Auth 231 integer
with the value set to
VALUE Ascend-Send-Auth Send-Auth-PAP 1
This should, I hope, cause the negotiation to restirct itself to PAP
--
Jim Segrave jes@nl.demon.net
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>