
Re: Can LDAP support CHAP, MS-CHAP1 or MS-CHAP2



>I want to use LDAP server to do authentication by CHAP, MS-CHAP1 or
>MS-CHAP2.
>Is it possible?

The LDAP server itself does not support (AFAIK) any form of
"authentication" beyond the bind methods (SASL, GSSAPI, etc...).  An
OpenLDAP server can certainly be used by something like a PPP server
(pppd) as a store of authentication information.  But you must store the
password in clear text in order to support CHAP,  or as either clear
text or an NT hash to support MS-CHAPv2.  I've never met MS-CHAPv1 in
the wild so I don't know about that.  Samba is our PDC for NT4 and
WinY2k workstations and PoPToP/pppd use the NT hash of the user's
password stored in OpenLDAP to authenticate PPTP VPN connections
(MS-CHAPv2).
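
Added example, not part of the original message: a sketch of why a CHAP verifier needs the cleartext secret. It follows the RFC 1994 response formula (MD5 over identifier, secret, challenge) and compares a cleartext store with a salted-hash store; the {SSHA}-style entry, the sample password and all function names are assumptions made for illustration, and the MS-CHAPv2/NT hash case is not covered.

```python
import hashlib
import hmac


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def ssha(password: bytes, salt: bytes) -> bytes:
    """Salted SHA-1 value in the style of an LDAP {SSHA} entry: digest || salt."""
    return hashlib.sha1(password + salt).digest() + salt


def verify_chap(stored: bytes, identifier: int, challenge: bytes,
                response: bytes) -> bool:
    """Recompute the response from whatever the directory stores and compare."""
    expected = chap_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def verify_simple_bind(stored_ssha: bytes, presented: bytes) -> bool:
    """A password sent to the server can be checked against the salted hash."""
    digest, salt = stored_ssha[:20], stored_ssha[20:]
    return hmac.compare_digest(hashlib.sha1(presented + salt).digest(), digest)


def demo() -> dict:
    # Constructed sample values, fixed so the run is reproducible.
    password = b"constructed-sample-password"
    salt = b"\x01\x02\x03\x04"
    challenge = bytes(range(16))
    identifier = 7

    # The peer knows the cleartext password and never sends it, only the digest.
    peer_response = chap_response(identifier, password, challenge)
    hashed_entry = ssha(password, salt)

    return {
        # Cleartext in the directory: the server can recompute the digest.
        "cleartext_store_verifies_chap":
            verify_chap(password, identifier, challenge, peer_response),
        # Only a salted hash stored: the MD5 input cannot be reconstructed.
        "ssha_store_verifies_chap":
            verify_chap(hashed_entry, identifier, challenge, peer_response),
        # The same hashed entry still works when the password itself is presented.
        "ssha_store_verifies_bind": verify_simple_bind(hashed_entry, password),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
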