Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?
Posted
by romandas
on Server Fault
See other posts from Server Fault
or by romandas
Published on 2010-05-14T14:16:25Z
Indexed on
2010/05/14
14:25 UTC
Read the original article
Hit count: 679
Looking over Cisco's documentation, and RFC 1994 (PPP CHAP authentication), my initial guess is "no", because CHAP requires a cleartext password to rehash every time it sends a challenge.
Is this true? If so, is there another way to configure CHAP so it doesn't use the easily-decoded type 7 passwords?
The Cisco device in question uses local authentication, not a TACACS+ or RADIUS server. Would using RADIUS eliminate the problem or just move it to the RADIUS server?
© Server Fault or respective owner