In EAP MD5-Challenge, the RADIUS server sends a random
challenge to the client. The client forms an MD5 hash of the user's
password and the challenge and sends the result back to the server. The
server then validates the MD5 hash using the known correct plaintext
password from the user database. EAP MD5-Challenge does not support
dynamic WEP keys.
EAP MD5-Challenge can work with most Radiator
AuthBy clauses that support the retrieval of a plaintext password, such as
FILE, DBFILE, SQL, LDAP etc.