3.10.58. EAP_PWD_PrepMethod Previous topic Parent topic Child topic Next topic

This parameter specifies a password preparation method to be used in EAP-pwd authentication. RFC 5931, that defines EAP-pwd, specifies three password pre-processing methods. RFC 8146 specifies additional methods which are not implemented by Radiator yet. Preparation methods are configured with an optional parameter EAP_PWD_PrepMethod. The default value is None. The currently available methods are shown in the table below.

Table 7. Allowed values for EAP_PWD_PrepMethod

Preparation method Explanation
None Password is used as is. No additional preparation is done. The password must be stored in plain text, including rcrypt, format.
NtHash Password is processed to produce the output PasswordHashHash, as defined in RFC 2759. The password must be stored in plain text, including rcrypt, or NT hashed format. This requires Digest::MD4 Perl module.
SASLprep Password is processed according to RFC 5931 SASLprep specification. The password must be stored in plain text, including rcrypt, format. This requires Authen::SASL::SASLprep version 1.100 or later.
CAUTION
EAP-pwd clients may not support other methods than None. For example, wpa_supplicant 2.6+fixes is needed for the NtHash method to work.
Here is an example of using EAP_PWD_PrepMethod:
# Our passwords are stored in {nthash} prefixed format
EAP_PWD_PrepMethod NtHash