On Wednesday, 15 February 2012 15:21:53 Szilard Gyorgy wrote:
> Hi Suomi
> Yes, but I need all this for my Cisco router

AFAIK, Cisco routers don't support LDAP authentication, but instead RADIUS (e.g. for VPN authentication), TACACS+ and Kerberos (e.g. administrative access).
Maybe you can provide more information on the software that actually communicates with LDAP (such as your RADIUS server).

> where I can't do any pre-encryption - the password is sent for compaction in clear text so I need to make that compare to return true if the password is correct.

An LDAP client that can't do a simple bind is a broken LDAP client. FreeRADIUS may by default do a compare, but it can be configured to bind instead.

> Can I set up LDAP to store the password in a different format?

That would reduce your overall security.
Regards, Buchan