ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

AddThis Social Bookmark Button
Article:
  A Technical Comparison of TTLS and PEAP
Subject:   MS-Chap is designed for MS Databases
Date:   2003-07-07 08:51:37
From:   anonymous2
Response to: Clarifications

Here is the issue: When using the MS-CHAP or MS-CHAPv2 protocols, the Challange exchange between the RADIUS server and the supplicant are based on the NT-Hash of the users password. This means that the Database that the RADIUS server looks at needs to have access to the NT-Hash of the users password, not the clear text version of the password. This is fine if your database happens to be Active Directory, because this is how passwords are stored in AD, but if it is LDAP, or SQL, you would have to go through some process to get the NT-hash of all your users passwords into this other database. This is why EAP-MSChapv2 (and thus Micosoft's PEAP supplicant) is really only good if your database is Microsoft.

1 to 2 of 2
  1. MS-Chap is designed for MS Databases
    2003-07-08 21:59:41  anonymous2 [View]

    • MS-Chap is designed for MS Databases
      2003-07-28 16:11:26  anonymous2 [View]

      • MS-Chap is designed for MS Databases
        2003-08-18 05:29:28  anonymous2 [View]

    • MS-Chap is designed for MS Databases
      2003-07-22 06:46:25  anonymous2 [View]

  2. Funk Software RADIUS support MS-CHAP-V2 in Solaris
    2003-07-07 17:53:52  anonymous2 [View]

    • Funk Software RADIUS support MS-CHAP-V2 in Solaris
      2003-10-04 09:40:16  pppeterd [View]

1 to 2 of 2