On Sat, 13 Oct 2001, Kris Deugau wrote: > Michael Klein wrote: > > Real ISPs don't use pap/chap anyways, they use Radius or something else. > IIRC, Radius is the generic term for the backend PAP/CHAP server... > Windows only speaks plaintext scripts, PAP/CHAP (IIRC one of *those* > isn't supported), and MS-proprietary NT/W2K domain server dialup > authentication (not quite SMB). Yep, the radius/tacacs is between the dialup terminal (server) and with the AAA equipment (radius/tacacs server) and the PAP/CHAP is between the dialup terminal and the client (subscriber). So if the pam is enabled in the pppd it can authenticate FROM the AAA server any kind of method that the pam modules supports. eg. mysql, radius, tacacs, postgres, password file, dbfile, ldap, and so on. but that doesn't affect the client side authentication method (CHAP/MSCHAP/PAP). AFAIK there is MS-CHAP that is a little bit similar to CHAP, and nowadays pppd has this patch to support it. -- VWOL Tamas SZERB <toma@rulez.org> GPG public key: http://alabama.rulez.org/~toma/gpgkey-toma.asc
