Freeradius doesn't detect EAP when authenticating against MySQL
preem
primski at gmail.com
Tue Oct 23 08:56:26 CEST 2007
Ah yes, that explains it, thanks Alan.
So, what is a common practice to do this then? I understand its not very
safe nor sane to store passwords in clear text, thats why I wanted to avoid
that, however it seems inevitable.
Let me explain a little better what I'm trying to do:
I am managing a wired network for some 300 users, its a student dorm and the
university owns the network and they require authentication for the ease of
management and control. 802.1x felt like the right way to go, because we are
planning some wireless access points as well. There are HP's Procurve 2650
switches in use. I choose mysql db backend, because I also created set of
PHP scripts, where users can change their passwords and admin can
add/del/modify user info.
So what can one do to avoid storing passes in clear text or is it sane
enough? The server also serves some web pages and dhcp requests.
Thanks for information.
Alan DeKok-4 wrote:
>
> preem wrote:
>> I have a simillar problem with EAP-MD5 authenticating against MySQL
>> DataBase.
>>
>> Whatever i do, it won't accept password, which is stored in the MySQL db
>> using MD5('') function. However, if i send a password's hash as password
>> it
>> accepts it, which indicates something is not hashing password before
>> comparing to the hash in the db.
>
> EAP-MD5 requires access to the clear-text password. MD5 hashed
> passwords are not appropriate.
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
>> I do not understand, should the Windows XP's supplicant encrypt password
>> prior to sending, or does it send it in cleartext and the radius encrypts
>> before comparing?
>
> There is no encryption of the password. It is hashed. The details
> aren't important. Read the above web page for compatibility issues.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
--
View this message in context: http://www.nabble.com/Freeradius-doesn%27t-detect-EAP-when-authenticating-against-MySQL-tf4404187.html#a13358460
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list