| System TipThis
article applies to a different version of Windows than the one you are
using. Content in this article may not be relevant to you. | |
Important
This article contains information about how to modify the registry.
Make sure to back up the registry before you modify it. Make sure that
you know how to restore the registry if a problem occurs. For more
information about how to back up, restore, and modify the registry,
click the following article number to view the article in the Microsoft
Knowledge Base:
Description of the Microsoft Windows registry
|
This
article discusses the pending removal of the Microsoft Extensible
Authentication Protocol-Message Digest 5 (EAP-MD5) implementation from
versions of Windows Vista.
Starting with the public release of Windows Vista, the Microsoft
EAP-MD5 implementation is being deprecated from Windows. The removal
of the Microsoft implementation of EAP-MD5 directly affects remote
access services, virtual private network (VPN) services, and wired
802.1X deployments. By default, these components can no longer use the
Microsoft EAP-MD5 implementation for authentication.
The decision
to remove the Microsoft EAP-MD5 implementation was made in the interest
of improving security in Windows Vista. Because EAP-MD5 does not meet
Microsoft security requirements for Windows Vista, we no longer support
the Microsoft EAP-MD5 implementation for authentication purposes.
Although
the EAP-MD5-related registry keys no longer appear in Windows Vista,
the EAP-MD5 functionality will remain in the Raschap.dll file until the
release of the next major version of the Windows operating system.
Because the pending removal of the Microsoft EAP-MD5 implementation may
affect users who use EAP-MD5 in versions of Windows Vista, the EAP-MD5
functionality can be manually enabled. You must use the registry keys
that are listed later in this section to re-enable the Microsoft native
EAP-MD5 method.
Important We are not removing support for
EAP-MD5 in Windows Vista. Instead, we are removing support for the
Microsoft implementation of EAP-MD5. You can still use EAP-MD5 in
Windows Vista by obtaining a third-party EAP-MD5 implementation or by
configuring your own EAP-MD5 EAPHost-compliant EAP method.
How to re-enable EAP-MD5 support in versions of Windows Vista
Warning
Serious problems might occur if you modify the registry incorrectly by
using Registry Editor or by using another method. These problems might
require that you reinstall your operating system. Microsoft cannot
guarantee that these problems can be solved. Modify the registry at your
own risk.
To re-enable EAP-MD5 support in versions of Windows Vista, add the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\4
- Value name: RolesSupported
-
Value type: REG_DWORD
-
Value data: 0000000a
-
-
Value name: FriendlyName
-
Value type: REG_SZ
-
Value data: MD5-Challenge
-
-
Value name: Path
-
Value type: REG_EXPAND_SZ
-
Value data: %SystemRoot%\System32\Raschap.dll
-
-
Value name: InvokeUsernameDialog
-
Value type: REG_DWORD
-
Value data: 00000001
-
-
Value name: InvokePasswordDialog
-
Value type: REG_DWORD
-
Value data: 00000001
阅读(1461) | 评论(0) | 转发(0) |