Hi Mikrotik. Please add PAP support to the radius client at login. It uses chap and is not settable if I read manual correctly.
Why some of you may ask? Is'nt chap more secure? Yes but my cents is that I am even more secure and using one time passwords and Hence there is nothing to know beforehand to do a challange on. What I generate at login needs go to server backend to be validated. And if someone is eavesdropping and breaks radius secret hasing the password data is not usable again anywhere so there is no security issue with my approach.
Please let us powerusers chose pap if we need. I want to secure my routers even more and use the same aaa system that I use for all other systems.
Yours Jimmy