Can PPP CHAP authentication use Cisco "Type 5" MD5 passwords?

Posted by romandas on Server Fault See other posts from Server Fault or by romandas
Published on 2010-05-14T14:16:25Z Indexed on 2010/05/14 14:25 UTC
Read the original article Hit count: 679

Filed under:
|
|
|

Looking over Cisco's documentation, and RFC 1994 (PPP CHAP authentication), my initial guess is "no", because CHAP requires a cleartext password to rehash every time it sends a challenge.

Is this true? If so, is there another way to configure CHAP so it doesn't use the easily-decoded type 7 passwords?

The Cisco device in question uses local authentication, not a TACACS+ or RADIUS server. Would using RADIUS eliminate the problem or just move it to the RADIUS server?

© Server Fault or respective owner

Related posts about cisco

Related posts about ppp