[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Minutes according to MCR (rev 3)

I'd be very careful on asserting the royal "we" here.
I'd like to hear more from ISPs.

I know from my personal accounts that this isn't the case.

But let's drop this rathole, I would also like to see EAP supported, but I don't know most NASes or RADIUS servers do, yet.

Dave.

At 05:40 AM 12/7/99 -0800, Bernard Aboba wrote: 
>Anyways, the reason that PAP is still in widespread operational,
>day-to-day, present use, is that most authentication servers store
>passwords in one-way encrypted forms (Unix, WinNT, and LDAP) and the CHAP
>(RFC 1994) algorithm requires clear text passwords.

Actually, at this point, most usage of PAP that we see is for use with
token card authentication. Pre-EAP this was the most common way of
implementing this in PPP. So in a new protocol, the appropriate thing
to do is either to support EAP, or to have support for a generic
token card method. There really isn't much need to continue to support
PAP. Including a normative reference to a deprecated protocol isn't
a great idea.


---------------------------------------------------------------
David Mitton                                  ESN: 248-4570
Consulting Engineer, Nortel Networks           978-288-4570 Direct
Carrier Packet Solutions, Preside              978-288-3030 FAX
Billerica, MA 01821                     dmitton@xxxxxxxxxxxxxxxxxx