This parameter specifies a password preparation method to be
used in EAP-pwd authentication. RFC 5931, that defines EAP-pwd, specifies
three password pre-processing methods. RFC 8146 specifies additional
methods which are not implemented by Radiator yet. Preparation methods are
configured with an optional parameter
EAP_PWD_PrepMethod. The default value is
None. The currently available methods are shown in the
table below.
Table 7. Allowed values for EAP_PWD_PrepMethod
None |
Password is used as is. No additional preparation is
done. The password must be stored in plain text, including
rcrypt, format. |
NtHash |
Password is processed to produce the output
PasswordHashHash, as defined in RFC 2759. The password must be
stored in plain text, including rcrypt, or NT hashed format.
This requires Digest::MD4 Perl
module. |
SASLprep |
Password is processed according to RFC 5931 SASLprep
specification. The password must be stored in plain text,
including rcrypt, format. This requires
Authen::SASL::SASLprep version 1.100 or
later. |
CAUTION
EAP-pwd clients may not support other
methods than None. For example, wpa_supplicant 2.6+fixes
is needed for the NtHash method to
work.
Here is an example of using
EAP_PWD_PrepMethod:
# Our passwords are stored in {nthash} prefixed format
EAP_PWD_PrepMethod NtHash
