[7732] in Kerberos
Re: Kerberos 5 to RADIUS
daemon@ATHENA.MIT.EDU (Marco S Hyman)
Tue Aug 6 10:49:12 1996
To: kerberos@MIT.EDU
Date: Mon, 05 Aug 1996 22:35:53 -0700
From: Marco S Hyman <marc@dumbcat.sf.ca.us>
> kerberos password systems with RADIUS. Has anyone identified a way to
> convert the Kerberos passowrd file to RADIUS, since most new systems
> seem to be using that instead.
RADIUS is a protocol defining how a Network Access Station (NAS)
communicates with an authentication server to authorize access
from some remote device. Some servers do things like keep
passwords in a flat file in clear text!!! Not the most secure
thing in the world.
If the authentication server gets the password it could provide
an interface to kerberos. However, the server is not always
given the password -- when authenticating a remote device using
the PPP CHAP protocol, all the server gets is a user name,
a 128 bit random value, and an MD5 digest which is the MD5 result
of the users secret and the random value.
// marc
