Crypted Password Problem with DIGEST
Philippe Sultan
philippe.sultan at gmail.com
Mon Oct 10 13:49:56 CEST 2005
Hi, Meltem.
DIGEST mode does not work with encrypted passwords. However, one way to
have an encrypted password storage is to store a hash value of the
username:realm:password string in the User-Password field of your entry.
digest module configuration must include this line :
digest {
enc_mode=yes
}
Auth-Type might be set to Digest, but it is not necessary since Freeradius
will trigger the rlm_digest module when parsing the Access-Request.
If you want to build the hash value, try this command :
echo -n 'username:realm:password' | md5sum
You might want to test this patch for that purpose :
http://bugs.freeradius.org/show_bug.cgi?id=287
Please give some feedback if you ever test it, since I suspect some
modifications are needed. The advice of Freeradius managers is also needed,
since a configuration option to the rlm_digest module has been added.
Best regards,
Philippe
---
Mon, 10 Oct 2005 01:25:09 -0700
Hello,
I am using SIP Express Router(SER) version 0.9.3 and freeRADIUS version
1.0.4.
SIP uses digest as authentication scheme.
I am trying to keep the user passwords as encrypted in freeRadius DB which is
mySql table radcheck. The system is working with plaintext password, but it
does not work with encrypted passwords even I tried all type of
configurations.
My first question is "Does DIGEST work with ENCRYPTED PASSWORDS" ???
Since Digest is a must for SIP.
If NOT, what authentication scheme can I use to make SIP work with freeRADIUS?
If DIGEST works with encrypted passwords, what should be the
configuration files:
1) in radiusd.conf ?
2) What should be the value of "Auth-Type" parameter in radcheck or
radgroupchek
tables ?
3) What should be the attribute for password in radcheck table ? Is it
"User-Password"
or
"Chap-Password" or "Crypt-Password" ??
I'll appreciate very much if anyone can help.
Regards,
Meltem Kirisci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051010/e46a7cbf/attachment.html>
More information about the Freeradius-Users
mailing list