Re: (ASCEND) PAP and CHAP with TNT

[Jim Williams <jaw12@ntrnet.net>]

I liked your thought process so I tried it...unfortunately, the CHAP/PAP
handshaking goes on between the PC and the RAS box (in this case the TNT)
according to the ppplog file when the modem dials in.  I need to find a
way to change the information in Dial-Up Networking to tell it to lead
with PAP.

Jim Williams                  Ntrnet Systems, Inc.
President/CEO                 Research Triangle Park, NC
jaw12@ntrnet.net              (919)484-0504 fax(919)484-0782


On Thu, 13 Apr 2000, Jim Segrave wrote:

> Oliver Stettner wrote:
> > Jim Williams wrote:
> > 
> > > The problem with CHAP is that we have 9000 subscribers and have been doing
> > > PAP from day one with shadow passwords...ALL passwords are currently
> > > encrypted so putting them in a users file will take months to try to
> > > capture the passwords on top of which having a file full of plain text ids
> > > and passwords is somewhat of a security risk...that was the whole reason
> > > behind shadow passwords and encryption on /etc/passwd.
> > 
> > So if I got that right, the TNTs are not administered by you but by
> > UUnet. The UUnet TNTs contact your RADIUS server for authentication.
> > UUnets TNT do chap and pap. And you have encrypted passwords on your
> > radius servers.
> > 
> > In that case I guess you have no possibilty. At least non I know of. :-(
> 
> What happens if your Radius server includes in its response:
> 
> ATTRIBUTE       Ascend-Send-Auth                231     integer
> with the value set to
> VALUE   Ascend-Send-Auth                Send-Auth-PAP           1
> 
> This should, I hope, cause the negotiation to restirct itself to PAP
> 
> -- 
> Jim Segrave           jes@nl.demon.net
> 

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>