|
version 1.1.1.3, 2016/11/01 09:56:12
|
version 1.1.1.4, 2021/03/17 00:39:23
|
|
Line 6
|
Line 6
|
| </HEAD> |
</HEAD> |
| <BODY text="#000000" bgcolor="#ffffff"> |
<BODY text="#000000" bgcolor="#ffffff"> |
| |
|
| <A HREF="mpd.html"><EM>Mpd 5.8 User Manual</EM></A> | <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A> |
| <b>:</b> <A HREF="mpd64.html"><EM>Internals</EM></A> |
<b>:</b> <A HREF="mpd64.html"><EM>Internals</EM></A> |
| <b>:</b> <EM>Authentication</EM><BR> |
<b>:</b> <EM>Authentication</EM><BR> |
| <b>Previous:</b> <A HREF="mpd65.html"><EM>ToDo</EM></A><BR> |
<b>Previous:</b> <A HREF="mpd65.html"><EM>ToDo</EM></A><BR> |
|
Line 31 server. The password hash is computed like this: md5(i
|
Line 31 server. The password hash is computed like this: md5(i
|
| + challenge), where the id is incremented after each authentication |
+ challenge), where the id is incremented after each authentication |
| attempt. The challenge is generated by the server and then sent to the |
attempt. The challenge is generated by the server and then sent to the |
| client (peer). The peer sends the hash to the server and the server |
client (peer). The peer sends the hash to the server and the server |
| genrates himself the hash using the plaintext password. If both | generates itself the hash using the plaintext password. If both |
| hash are the same, the authentication succeeds.</p> |
hash are the same, the authentication succeeds.</p> |
| <p>MS-CHAP doesen't need plaintext passwords on the server, but does | <p>MS-CHAP does not need plaintext passwords on the server, but does |
| need the hashed password either as NT-Hash or as LAN-Manager-Hash |
need the hashed password either as NT-Hash or as LAN-Manager-Hash |
| (the LAN-Manager-Hash is weak and shouldn't be used). | (the LAN-Manager-Hash is weak and should not be used). |
| MS-CHAPv1 uses DES as hashing algorithm and is weak, therefore don't | MS-CHAPv1 uses DES as hashing algorithm and is weak, therefore do not |
| use it! MS-CHAPv2 uses a peer challenge and a server |
use it! MS-CHAPv2 uses a peer challenge and a server |
| challenge and uses SHA1 as hashing algorithm, so it's much more | challenge and uses SHA1 as hashing algorithm, so it is much more |
| secure then MS-CHAPv1. MS-CHAPv2 requires the NT-Hash be available.</p> | secure than MS-CHAPv1. MS-CHAPv2 requires the NT-Hash be available.</p> |
| <p>Usually UNIX systems have a different non-revertable hashing |
<p>Usually UNIX systems have a different non-revertable hashing |
| algorithm for passwords, therefore it is not possible to use the |
algorithm for passwords, therefore it is not possible to use the |
| traditional UNIX password database if you want to use any |
traditional UNIX password database if you want to use any |
| CHAP algorithm, with the exception that FreeBSD versions 5.1 and |
CHAP algorithm, with the exception that FreeBSD versions 5.1 and |
| later support the NT-Hash format in the password database |
later support the NT-Hash format in the password database |
| (configurable via login.conf: <code>passwd_format=nth</code>). |
(configurable via login.conf: <code>passwd_format=nth</code>). |
| However MPD doesen't currently support authentication against | However MPD does not currently support authentication against |
| the UNIX password database.</p> |
the UNIX password database.</p> |
| <p>EAP is an Extensible Authentication Protocol. Mpd supports |
<p>EAP is an Extensible Authentication Protocol. Mpd supports |
| natively only the EAP-Type MD5; other EAP-Types may be used |
natively only the EAP-Type MD5; other EAP-Types may be used |
|
Line 58 from authentication.</p>
|
Line 58 from authentication.</p>
|
| |
|
| <dt><b>Authentication protocol negotiation</b><dd><p>Starting with MPD 3.14, MPD behaves more intelligently when negotiating |
<dt><b>Authentication protocol negotiation</b><dd><p>Starting with MPD 3.14, MPD behaves more intelligently when negotiating |
| authentication protocols. MPD searches an internal list of protocols, |
authentication protocols. MPD searches an internal list of protocols, |
| from most to least secure, until a mutually agreeable protocol is found. | from most to least secure until a mutually agreeable protocol is found. |
| If the link is a PPTP link, then MS-CHAP is most preferrable, otherwise | If the link is a PPTP link, then MS-CHAP is most preferable, otherwise |
| MD5-CHAP is most preferrable.</p> | MD5-CHAP is most preferable.</p> |
| |
|
| </dl> |
</dl> |
| </p> |
</p> |
| |
|
| |
|
| <HR NOSHADE> |
<HR NOSHADE> |
| <A HREF="mpd.html"><EM>Mpd 5.8 User Manual</EM></A> | <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A> |
| <b>:</b> <A HREF="mpd64.html"><EM>Internals</EM></A> |
<b>:</b> <A HREF="mpd64.html"><EM>Internals</EM></A> |
| <b>:</b> <EM>Authentication</EM><BR> |
<b>:</b> <EM>Authentication</EM><BR> |
| <b>Previous:</b> <A HREF="mpd65.html"><EM>ToDo</EM></A><BR> |
<b>Previous:</b> <A HREF="mpd65.html"><EM>ToDo</EM></A><BR> |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to mpd66.html CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc