You can take a clear-text password and authenticate it to AD via kerberos.
If you have MS-CHAP data, you can't convert it to something which will be accepted by kerberos. You MUST send it to AD as MS-CHAP data (i.e. ntlm), and then AD returns "pass / fail"
If you have MS-CHAP data, you can't convert it to something which will be accepted by kerberos. You MUST send it to AD as MS-CHAP data (i.e. ntlm), and then AD returns "pass / fail"