| Author |
Not getting password in ias extension dll if CHAP is used by radius client
|
|
|
| i am working on ias extensoin authentical dll. I want to get user name and password. when PAP is used i get radius attributes like RADIUS_ATTRIBUTE_TYPE structure member user name and password in ratUserName, ratUserPassword
but if radiud client sends request using CHAP, I get user name in ratUserName strucure member but I do not get password in ratCHAPPassword structure.
How do i get password information sent by user if CHAP or MSCHAP encryption
is used.it seems that only username information is available in RADIUS_ATTRIBUTE_TYPE structure.
thanks in advance.
| |
|
| You don't have access to the clear-text password with CHAP and MSCHAP (v1 or
v2) Access-Requests. That's how the protocols are designed to work. Its
more secure.
You do have access to the CHAP-Challenge and CHAP-Response attributes (and
the equivalent MS VSA attributes used in MSCHAP). But the data in those
attributes won't allow you to obtain the user password in clear-text. But
if you have access to the user's password in clear-text (like from a data
base) you can confirm the correct password was used to generate the CHAP or
MSCHAP request.
--
Tony
"sab" <anonymous@discussions.microsoft.com> wrote in message
news:DE861DAB-089B-4DC2-BFBF-FEA9EDA8726B@microsoft.com...
> i am working on ias extensoin authentical dll. I want to get user name
and password. when PAP is used i get radius attributes like
RADIUS_ATTRIBUTE_TYPE structure member user name and password in
ratUserName, ratUserPassword
> but if radiud client sends request using CHAP, I get user name in
ratUserName strucure member but I do not get password in ratCHAPPassword
structure.
> How do i get password information sent by user if CHAP or MSCHAP
encryption
> is used.it seems that only username information is available in
RADIUS_ATTRIBUTE_TYPE structure.
> thanks in advance.
| |
|
| I want to confirm that username and password entered by user matches
username and password in the database. Username is available cleartext in
database and also from ias so matching is straightforward.
But in case of password it is available in cleartext in database but not
from IAS. So how to use CHAP-Challenge and CHAP-Response attributes from
RADIUS_ATTRIBUTE_TYPE to confirm that password entered by user matches to
that in database? Thanks in advance.
"Tony" <tburnettATNOSPAMcolumbusDOTrrLASTDOTcom> wrote in message
news:uwqgxV5BEHA.3796@TK2MSFTNGP10.phx.gbl...
> You don't have access to the clear-text password with CHAP and MSCHAP (v1
or
> v2) Access-Requests. That's how the protocols are designed to work. Its
> more secure.
>
> You do have access to the CHAP-Challenge and CHAP-Response attributes (and
> the equivalent MS VSA attributes used in MSCHAP). But the data in those
> attributes won't allow you to obtain the user password in clear-text. But
> if you have access to the user's password in clear-text (like from a data
> base) you can confirm the correct password was used to generate the CHAP
or
> MSCHAP request.
>
> --
> Tony
> "sab" <anonymous@discussions.microsoft.com> wrote in message
> news:DE861DAB-089B-4DC2-BFBF-FEA9EDA8726B@microsoft.com...
> and password. when PAP is used i get radius attributes like
> RADIUS_ATTRIBUTE_TYPE structure member user name and password in
> ratUserName, ratUserPassword
> ratUserName strucure member but I do not get password in ratCHAPPassword
> structure.
> encryption
> RADIUS_ATTRIBUTE_TYPE structure.
>
>
| |
| Ashwin Palekar\(MS\) 2004-03-13, 12:34 am |
| The PPP CHAP RFC should have details on the algorithm used to verify the
password.
--
--
========================================
===================
This posting is provided "AS IS" with no warranties and confers no rights
========================================
===================
<sab> wrote in message news:uJrr1UJCEHA.684@tk2msftngp13.phx.gbl...
>I want to confirm that username and password entered by user matches
> username and password in the database. Username is available cleartext in
> database and also from ias so matching is straightforward.
> But in case of password it is available in cleartext in database but not
> from IAS. So how to use CHAP-Challenge and CHAP-Response attributes from
> RADIUS_ATTRIBUTE_TYPE to confirm that password entered by user matches to
> that in database? Thanks in advance.
> "Tony" <tburnettATNOSPAMcolumbusDOTrrLASTDOTcom> wrote in message
> news:uwqgxV5BEHA.3796@TK2MSFTNGP10.phx.gbl...
> or
> or
>
>
|
|
|
|