[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authentification issue with clear text password

On Wednesday, 15 February 2012 15:21:53 Szilard Gyorgy wrote:
> HI Suomi
> Yes, but I need all this for my Cisco router

AFAIK, Cisco routers don't support LDAP authentication, but instead RADIUS 
(e.g. for VPN authentication), TACACS+ and Kerberos (e.g. administrative 

Maybe you can provide more information on the software that actually 
communicates with LDAP (such as your RADIUS server).

> where I can't do any pre
> encryption - the password is sent for compaction in clear text so I need to
> make that compare to return true if the password is correct.

An LDAP client that can't do a simple bind is a broken LDAP client. FreeRADIUS 
may by default do a compare, but it can be configured to bind instead.

> Can I setup ldap to store the password in different format ?

That would reduce your overall security.