Re: [m0n0wall] m0n0wall + radius + LDAP + non-plaintext passwd

From:	Denis Mirassou <mirassou at cict dot fr>
To:	Frederic BRET <frederic dot bret at univ dash lr dot fr>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] m0n0wall + radius + LDAP + non-plaintext passwd
Date:	Mon, 18 Oct 2004 10:21:53 +0200

Frederic BRET wrote:
> Hi
> 
> I'm new to m0n0wall, but I can't clearly find the answer in the doc or 
> the mailing-list. My fear is that it's not possible yet, but I'm not sure.
> The basic link of m0n0wall with radius and local plain-text password is 
> OK, it's a good start, but it can only be considered as a start. My goal 
> is to store a huge user database on ldap, but if we but this aside, is 
> it possible to authenticate users of the captive portal using a radius 
> server (freeradius) and store the password as a non plain-text form, 
> whatever it can be (unix-style, nt-style). Store (or even know) the 
> plain-text form of a password is absolutely prohibited.
> If not, radius_authentication.inc has probably to be modified to an EAP 
> authentication that could deal with something more usable with mass 
> deployment.

Hi Frederic,

For me, M0n0 1.1 works with Radius local system logins (ie /etc/passwd 
on a RedHat 9 box) or with an external Open LDAP server (don't know 
actually if LDAP passwords are plain text or crypted ones).

Denis

> Am I wrong on the current capabilities of m0n0wall ? Will there be a 
> developpment on the radius link ?
> 
> Thanks in advance
> 
> Fred
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 


-- 
Denis Mirassou
Service Réseaux
Centre Interuniversitaire de Calcul de Toulouse (C.I.C.T)