romandas

Asked: 2010-05-15 06:16:25 +0800 CST2010-05-15 06:16:25 +0800 CST 2010-05-15 06:16:25 +0800 CST

Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?

Looking over Cisco's documentation, and RFC 1994 (PPP CHAP authentication), my initial guess is "no", because CHAP requires a cleartext password to rehash every time it sends a challenge.

Is this true? If so, is there another way to configure CHAP so it doesn't use the easily-decoded type 7 passwords?

The Cisco device in question uses local authentication, not a TACACS+ or RADIUS server. Would using RADIUS eliminate the problem or just move it to the RADIUS server?

1 Answers

Voted

Best Answer

petrus
2011-03-10T14:26:45+08:002011-03-10T14:26:45+08:00
Indeed, CHAP needs a cleartext password.

Moving authentication to a Radius server would not eliminate the need of cleartext passwords, but at least all passwords would be stored into a central and secured repository.
1

Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?