2.x.x (and earier?): yet another decoding SSHA issue
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Jul 17 09:06:19 CEST 2013
> Or do I still have to change my encoding of the hashes from base64 to
> hex in the DB attribute's value, and *additionally* use the string cast
> later on in rlm_pap to prevent any further touching of the hash value?
>
> In any case, let me know when there's something to test in 2.x.x.
The solution I posted earlier should work fine:
update control {
SSHA1-Password = "%{base64tohex:SSHA1-Password-Base64}"
}
You will need to define the local string attribute 'SSHA1-Password-Base64' and change the attribute in the database.
The worry was normification could potentially mangle the binary version of the password further, hence the additional discussion around disabling it.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Devel
mailing list