Problem with Digest/OpenSER/Radius
tnt at kalik.co.yu
tnt at kalik.co.yu
Thu Mar 15 21:31:18 CET 2007
You have a table on Alan DeKok's site explaining what protocol/password
hashing combinations are possible and which are not:
http://deployingradius.com/documents/protocols/compatibility.html
Ivan Kalik
Kalik Informatika ISP
Dana 15/3/2007, "Dariusz Dwornikowski" <tdi at vercom.pl> piše:
>
>On 2007-03-15, at 16:55, Alan DeKok wrote:
>
>> Dariusz Dwornikowski wrote:
>>> Hi.
>>> My problem is such, that we store our passwords in Md5 in database,
>>> when authorization request comes from ser, i get digest attributes.
>>> I issue:
>>
>> Digest authentication and MD5 hashed passwords are incompatible.
>>
>> It won't work.
>so I HAVE to user clear text passwords? I was thinking just to
>compare md5 of password from SIP package.
>
>I also tried to use Digest-HA1 instead of User-Password in database,
>but it does not work (i am using freeradius 1.1.4).
>getting: rlm_digest: Configuration item "User-Password" or Digest-HA1
>is required for authentication.
>
>
>>
>>> And in Database I have:
>>>
>>> id = 1
>>> UserName = test001
>>> Attribute=User-Password
>>> Value = test
>>>
>>> Now, my real database stores passwords as md5 hashes and the radius
>>> compares the clear text passwords, how can i force it to compate md5
>>> hashes of passwords?
>>
>> Use the "MD5-Password" attribute, not the "User-Password" attribute.
>> See "man rlm_pap" for more.
>
>can it be combined with digest ? as I am gennting all the time:
>
>rlm_digest: Configuration item "User-Password" or Digest-HA1 is
>required for authentication.
>
>
>>
>> Alan DeKok.
>> --
>> http://deployingradius.com - The web site of the book
>> http://deployingradius.com/blog/ - The blog
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
>> users.html
>
>--
>Dariusz Dwornikowski
>tdi at vercom.pl
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list