+ Reply to Thread
Page 1 of 2 12 LastLast
Results 1 to 10 of 16
  1. #1
    Join Date
    Jun 2003
    Location
    Sandusky, OH
    Posts
    17
    Rep Power
    0

    Default Sending Clear Passwords

    OK, so from my understanding the difference between CHAP and PAP is that PAP is clear and CHAP is encrypted. So if HotSpot were to pass along the values input'd by the users as Username and Password to the radius server, that would be just like if PAP was used correct?

    If thats the case, can we edit the HotSpot pages to just send the username password to a radius server that accepts PAP?

    This whole deal with our Radius server not accepting CHAP is killer.


    The HotSpot server is used in house so the "security" issue isn't an issue.

    Thanks,
    Jason

  2. #2
    Join Date
    Oct 2002
    Location
    USA
    Posts
    1,382
    Rep Power
    17

    Default

    You really need to fix your radius server. Asking the StarOS programmers to work on an un-wise feature is the wrong place to cause work to be expended to solve your problem. You are right, your radius server not accepting chap is a problem. It should be easy enough to fix. Less work for you than you are asking from the StarOS programmers.

    Besides, StarOS provides a perfectly working radius server, and the needed tools to allow you to copy your user database to the supplied radius server. In other words, they have already done the work to resolve this in the right way.

    If you don't think security is an issue, then run an open AP. Hotspot is a security feature, disabling the security of a security system seems to be missing the point.

  3. #3
    Join Date
    Jun 2003
    Location
    Sandusky, OH
    Posts
    17
    Rep Power
    0

    Default

    I'm sorry, I didn't mean to come off the wrong way.

    I totally love what they're doing and I think their work is great. We were looking to go to the RADIUS server thats built into STAROS, but again, I went to the page that lists features and RADIUS server isn't even listed.

    Although changing our radius server to work seems easier to do, its not. Took four days to get ahold of the programmer and he still hasn't gotten back to us. Just saying he must not support the type of CHAP that staros uses.

    We don't want to change over to a whole new radius server for everything as our accounting package works wonderfully with the radius server we had. We use UUNET and their CHAP works, but I guess thats the only version of CHAP that works with our radius server--WOW did we get lucky.

    I guess what I'm asking is can I create a form that sends username/password to the radius server and will that work or is there something "else" to send to the radius server that tells it that I'm using PAP?

    Thanks for the help guys.
    Jason

  4. #4
    Join Date
    Jan 2000
    Location
    Langley, Canada
    Posts
    8,090
    Rep Power
    10

    Default

    It is not possible to send a non-encrypted form to the StarOS hotspot login pages as it is verified before it is sent to the radius server for further authentication. The CHAP values are a hash, so we cannot extract the original password to create a PAP authentication request. If your radius programmer needs a CHAP reference, he can refer to the RFC, or the Javascript code present in our hotspot login pages.

    It is possible for us to add an option to allow unsecured passwords, however it is something we would be reluctant to do unless there are no alternatives for some of our users.

    Thanks!

  5. #5
    Join Date
    Aug 2003
    Posts
    23
    Rep Power
    0

    Default PAP Authentication

    Hi,

    I have a client who is ready to purchase a number of licences (10 to start with a commitment to a further 50 units within a short time if the project works) However they have their own system they would like to authenticate against as it is allready setup and opperational.

    I may also be able to convince them to purchase the WRAP boards from you.

    Their system only supports PAP authentication and adding CHAP is not an option at this stage. They may do this in the near future but due to the integration with other services they are not able to at this stage.

    It would be easier to enable PAP to be passed in the hotspot authentication from Star-OS.

    Please look into this ASAP as the solution needs to be signed off on within the next couple of days.

    Regards
    Andrew Hooper

  6. #6
    Join Date
    Oct 2002
    Location
    Nanaimo, BC
    Posts
    12,224
    Rep Power
    10

    Default

    Is Tuesday soon enough? We could rush it, but we like to test.
    ..a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match..

    Try the latest 4.4.5.7-7842 release. It fixes the 11N card reset issue.
    http://www.star-os.com/ http://www.star-os.com/store

  7. #7
    Join Date
    Jun 2003
    Location
    Sandusky, OH
    Posts
    17
    Rep Power
    0

    Default

    Yea :-)

    Finally someone else as weird as my company ;-p

    Jason

  8. #8
    Join Date
    Aug 2003
    Posts
    23
    Rep Power
    0

    Default

    Lonnie,

    Sounds good to me

    Im guessing this will be enabled for both the Router, Server and CPE?

    Regards
    Andrew

  9. #9
    Join Date
    Oct 2002
    Location
    Nanaimo, BC
    Posts
    12,224
    Rep Power
    10

    Default

    Sorry but not the CPE. Not enough room for the new code. It will be in the Router and Server images though.
    ..a computer is a stupid machine with the ability to do incredibly smart things, while computer programmers are smart people with the ability to do incredibly stupid things. They are,in short, a perfect match..

    Try the latest 4.4.5.7-7842 release. It fixes the 11N card reset issue.
    http://www.star-os.com/ http://www.star-os.com/store

  10. #10
    Join Date
    Aug 2003
    Posts
    23
    Rep Power
    0

    Default

    Lonnie,

    Thats cool. This project will be using router for most of the sites, may look at setting up a server in some of the larger areas.

    Regards
    Andrew

Similar Threads

  1. Clear syslog file, omit rec F0 display in client.
    By David L. Vrablic in forum Feature Requests
    Replies: 13
    Last Post: 01-01-2009, 04:30 AM
  2. Clear text password entry in tcp throughput test
    By HoeDing in forum Feature Requests
    Replies: 10
    Last Post: 12-13-2006, 07:22 AM
  3. Save Passwords in Hotspot login
    By pacux in forum HotSpot
    Replies: 3
    Last Post: 01-24-2005, 04:42 PM
  4. sending file with IRC
    By dbriggs in forum Support
    Replies: 1
    Last Post: 10-04-2003, 09:08 AM
  5. Clear up my confusion...
    By Anonymous in forum StarOS™
    Replies: 7
    Last Post: 08-21-2003, 11:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts