I don't know that you can, the knowledgebase didn't turn anything up on the subject. Besides...Doesn't CHAP authentication use MD5 encrypted password strings, and send it to radius to decrypt/compare to cleartext server stored passwords? If you are worried about the data in transmission, CHAP is probably better suited for you. If you are more worried about your radius server being compromised, then PAP is :) imho. -- Adam Barnhill Support Engineer, TotallyFabricated.com Information Technology Engineer, Poplar Bluff Internet, Inc. / Semo.net P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114, <http://www.semo.net/> Home of TotallyFabricated.com the creators of Total Scrutinizer -----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Tuesday, March 18, 2003 4:11 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question Thanks for information. But I have another question: How to disable cleartext login? Adam Barnhill wrote:
The following answer has been forwarded from Support Central: http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_alp . php
Summary --------------------------------------------------------------- Use DNIS authentication to define service type
You can view this answer at http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_adp . php?p_faqid=1862&p_created=1015283939
Sender's Comment This is not an exact answer, but it might lead in the right direction. In my example below both will technically authenticate with Radius, but only one DNIS number will use Client supplied username/passwords. I don't have a test environment to test, but I think the following should work.
Setup: 1. On the HiPerARC: Add modem_group all interface<interfaces> enabled yes Set modem_group all dnis_authentication required Set modem_group all dnis_auth_type dnis Set modem_group all dnis_auth_time before_answer Set modem_group all dnis_password mypassword
2. Setup ARC user for "Non-Authentication" DNIS number Add user 111000 password mypassword type network network_service ppp Set user 111000 dnis_reauthentication PAP (or your preference)
3. Setup Radius user 111000 password mypassword - using typical ppp client parameters (Minus any port limits or multilinking.)
4. Setup ARC user for "Authenticated" number Add user 222111 password mypassword type network network_service ppp Set user 222111 dnis_reathentication No_reauth
NOTE: If caller dials number other than 111000 or 222111, the call is disconnected. An ARC user must be setup for each DNIS number or this method will not work for you.
Anybody got thoughts on this process?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc