> I don't see the need to use UNIX style passwords on a NT system,
> unless you're in some migration process from Unix to NT ...
> In fact, using UNIX style passwords would give you double
> administration on NT systems since some users would also need
> an NT login+password to access the server ...
Its used mostly for a migration phase for ISPs who have a
UNIX base moving to RadiusNT. Our solution doesn't need
for users to have NT User accounts, since everything
is based upon a central RDBMS database that has all the
information in it. This is NOT talking about intranet
solutions.
> Besides this all ; I'd use NT passwords because they are
> better encrypted and can be used for things like FTP services
> and , more interesting , Exchange for SMTP and POP access...
In our solution, we have integrated Mail servers, FTP servers,
etc to the central user database (a true RDBMS), not the NT
user database. This makes security much easier to handle and
manage.
> >Secondly, NO terminal server can do CHAP with the UNIX passwd,
> >because CHAP requires the password to be available in clear text.
> >If you tell your clients to do PAP, it will work, CHAP will
> >not. You can disable these in the terminal server, also.
>
> I wrote : "Another thing is that Ascend ISDN terminal servers
> don't like UNIX passwords.. (AFAIK that's what they told me)",
> well that's because we're using CHAP ... (I didn't set it up that way
> though ..) and CHAP logins didn't work .. So I had to remove it ...
> Just a matter of trial and error :(
:) I have ran into this with Cisco, Livingston, Computone,
and many other manufacturuers as well.
> However, what are the pros and contras of CHAP <> PAP ?
> If PAP does UNIX style passwords .. I'm going for PAP...
Mainly visibility. The password must be visible at one
place or another. Whether on the wire (PAP) or on your
database (CHAP), you choose.
Dale