help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] MS-CHAP

From: Michael Samanov
Subject: Re: [Help-gnu-radius] MS-CHAP
Date: Mon, 2 Dec 2002 20:04:00 +0300 
----- Original Message -----
From: "Sergey Poznyakoff" <address@hidden>
To: "Michael Samanov" <address@hidden>
Cc: <address@hidden>
Sent: Monday, December 02, 2002 7:35 PM
Subject: Re: [Help-gnu-radius] MS-CHAP


> > It's not possible to use "Auth-Type = Local, Password-Location = SQL" in
the
> > DEFAULT label, is it?
>
> Surely it is possible. That's exactly the reason for the existence of
> this paradigm.
>
> > These ways are not equal. Either I don't understand things properly or
CHAP
> > auth doesn't work in this case while using PAP is the security breach.
>
> Yes, you don't seem to understand them.

I just beleived to "info radius" :-) It's prohibited there to do it for
PLAINTEXT and it's said nowhere further that it's possible for SQL. I
discovered this chapter after radiusd rejected to load my "users". Now I see
that it was a syntax error there but I didn't see it at that time. Sorry.

========== cut here with 8< =========
Specifying Passwords in users File.
-----------------------------------

   To keep the plaintext passwords in `users' file, the profile entry
must follow this pattern:

     USER-NAME  Auth-Type = Local,
                          Password = PLAINTEXT

>    The PLAINTEXT is the user's plaintext password. Obviously, USER-NAME
> may not be `DEFAULT' nor `BEGIN'.

Specifying Passwords in SQL Database.
-------------------------------------

     USER-NAME   Auth-Type = Local,
                           Password-Location = SQL

   When the user is authenticated using such profile, its password is
retrieved from the authentication database using `auth_query'.  The
configuration of SQL authentication is described in detail in *Note
Authentication Server Parameters::.

========== glue here =================

That's a good example that if something can be understood erroneousely then
somebody surely will understand this erroneousely. And even if all things
are transparent and clear and nothing can be understood erroneousely then
imperatively there will be at least one person who will understand it
erroneousely.

Sincerely yours,
  Michael (mailto:address@hidden)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]