ONJava.com -- The Independent Source for Enterprise Java

Subject:   MS-Chap is designed for MS Databases
Date:   2003-08-18 05:29:28
From:   anonymous2
Response to: MS-Chap is designed for MS Databases

>This is correct, but unfortunately in a PEAP(MS-CHAP-V2) exchange, the RADIUS server never receives the clear text password from the user.


Correct... But I think you are missing the point.
The message above is talking about the cleartext password being available on the server side, read from a database of some kind and not sent by the client as you stated.


>The bottom line:
>PEAP(MS-CHAP-V2) will only work when the database that the RADIUS server is pointing to stores the user’s NT-HASH of their password.


Wrong...


Let's think about this. To get the NT-HASH of the password on the client side you will need to NT-HASH the cleartext password typed in by the user.


Hmmm, to get the NT-HASH password on the server side you need to either have the NT-HASH of the clear-text password OR.... have the clear-text password and NT-HASH that... so to add to your bottom line:
PEAP(MS-CHAP-V2) will only work when the database that the RADIUS server is pointing to stores the user’s NT-HASH of their password or uses a clear-text password to create the NT-HASH.



:P


SW2.