Re: encrypted password

[Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk>]

tnt@kalik.co.yu wrote:
> Did you put "9D8wtP7DGqgCg" or 9D8wtP7DGqgCg into the database? Use
> crypt and check if that is the crypted password you think it should be.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> Dana 12/6/2007, "Felipe Ceglia - PY1NB" <felipe-listas@terenet.com.br>
> piše:
>
> > Hi Arran,
> >
> > Thank you for your reply.
> >
> > I tried Crypt-Password := "9D8wtP7DGqgCg", but then the debug says:
> >
> > (...)
> > modcall[authorize]: module "sql" returns ok for request 2
> > modcall: group authorize returns ok for request 2
> > rad_check_password:  Found Auth-Type Local
> > auth: type Local
> > auth: user supplied User-Password does NOT match local User-Password
> > auth: Failed to validate the user.
> > Login incorrect: [anavc/2572ava] (from client localhost port 0)
> > Delaying request 2 for 2 seconds
> >
> > When I try with a clear text password user, it says:
> >
> > (...)
> > modcall[authorize]: module "sql" returns ok for request 3
> > modcall: group authorize returns ok for request 3
> > rad_check_password:  Found Auth-Type Local
> > auth: type Local
> > auth: user supplied User-Password matches local User-Password
> > (...)
> >
> >
> > Thank you,
> >
> > Felipe
> >
> >
> >
> > Arran Cudbard-Bell wrote:
> > > Felipe Ceglia - PY1NB wrote:
> > > > Hi again,
> > > >
> > > > I need to migrate my users from plain old unix passwd file to sql.
> > > >
> > > > How do I have the user information in the radcheck table?
> > > >
> > > > Encrypted-Password == 9D8wtP7DGqgCg ?
> > > >
> > > > My passwd file looks like:
> > > > anavc:9D8wtP7DGqgCg:1002:300:#Ana:/home/dummy:/usr/bin/passwd
> > > >
> > > > This password seems not to be MD5.
> > > >
> > > > Any guesses?
> > > >
> > > > Thank you again,
> > > >
> > > > Felipe
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
> > > That would be unix crypt.
> > >
> > > The attribute in radcheck is
> > >
> > > Crypt-Password := "9D8wtP7DGqgCg"
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hmm,
You are sending the users password as plaintext or something reversible 
like GTC ?

You can only use crypted passwords if the pass-phrase is being sent in 
the clear...

Oh and you'd also need the PAP module uncommented in authorise and 
authenticate, as it's the one that deals with calculating hashes for 
comparison.

--
Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900