Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) PAP and CHAP with TNT
I liked your thought process so I tried it...unfortunately, the CHAP/PAP
handshaking goes on between the PC and the RAS box (in this case the TNT)
according to the ppplog file when the modem dials in. I need to find a
way to change the information in Dial-Up Networking to tell it to lead
with PAP.
Jim Williams Ntrnet Systems, Inc.
President/CEO Research Triangle Park, NC
jaw12@ntrnet.net (919)484-0504 fax(919)484-0782
On Thu, 13 Apr 2000, Jim Segrave wrote:
> Oliver Stettner wrote:
> > Jim Williams wrote:
> >
> > > The problem with CHAP is that we have 9000 subscribers and have been doing
> > > PAP from day one with shadow passwords...ALL passwords are currently
> > > encrypted so putting them in a users file will take months to try to
> > > capture the passwords on top of which having a file full of plain text ids
> > > and passwords is somewhat of a security risk...that was the whole reason
> > > behind shadow passwords and encryption on /etc/passwd.
> >
> > So if I got that right, the TNTs are not administered by you but by
> > UUnet. The UUnet TNTs contact your RADIUS server for authentication.
> > UUnets TNT do chap and pap. And you have encrypted passwords on your
> > radius servers.
> >
> > In that case I guess you have no possibilty. At least non I know of. :-(
>
> What happens if your Radius server includes in its response:
>
> ATTRIBUTE Ascend-Send-Auth 231 integer
> with the value set to
> VALUE Ascend-Send-Auth Send-Auth-PAP 1
>
> This should, I hope, cause the negotiation to restirct itself to PAP
>
> --
> Jim Segrave jes@nl.demon.net
>
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>