PAP Authentication User-Password not working properly

Scott Lambert lambert at lambertfam.org
Sat May 10 00:20:26 CEST 2008


On Fri, May 09, 2008 at 08:17:25PM +0100, Yago Fdez. Hansen wrote:
> On 9/5/2008, "Yago Fdez. Hansen" <sti at soportec.com> wrote:
> >Hi everybody:
> >
> >I am installing a lab test server with Freeradius 2.0.4 with all
> >the authentication installed: CHAP, PAP, EAP and authorization over
> >MySQL, users, system, and LDAP.
> >
> >I installed it in the last few days and I have everything working
> >now, but as I was testing it, I could notice a bug. I created
> >users in every DB and file, all of them with their own password and user
> >entries. When I was testing with radtest ALL worked fine, but I
> >noticed that ONLY with PAP authentication and MySQL user it doesn't
> >matter if I put a clear password in radtest larger than the original
> >one I get an Access-Accept message.
> >
> >Example:
> >
> >radtest papsqluser papsecret localhost 0 testing123
> >Access-Accept
> >
> >radtest papsqluser papsecret43343 localhost 0 testing123
> >Access-Accept
> >
> mysql> select  * from radcheck
>    -> ;
> +----+-------------+----------------+----+---------------+
> | id | username    | attribute      | op | value         |
> +----+-------------+----------------+----+---------------+
> |  1 | Chapsqluser | User-Password  | == | chapsecret    |
> |  2 | Chapsqluser | Auth-Type      | := | Local         |
> |  3 | Papsqluser  | Crypt-Password | == | /gTPHauHkNjWE |
> |  4 | Papsqluser  | Auth-Type      | := | Crypt-Local   |
> +----+-------------+----------------+----+---------------+
> 4 rows in set (0.00 sec)

The DES crypt algorithm only deals with the first 8 characters of the
password.  

No bug, working as designed.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
lambert at lambertfam.org
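
The truncation described in the reply above, as an added example that is not part of the original thread or of FreeRADIUS: it models how traditional DES crypt derives its key (low 7 bits of the first 8 password bytes) and flags `Crypt-Password` values stored in that 13-character format. The function names and the third sample row are constructed for illustration.

```python
import re

# Traditional DES crypt(3) output: 2 salt characters followed by 11 hash
# characters, all drawn from the alphabet [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")


def des_crypt_key(password: str) -> bytes:
    """Key bytes DES crypt derives: low 7 bits of the first 8 bytes only."""
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def same_des_crypt_hash(a: str, b: str) -> bool:
    """True when, for any given salt, both passwords produce the same hash."""
    return des_crypt_key(a) == des_crypt_key(b)


def audit_radcheck(rows):
    """Return usernames whose Crypt-Password is a traditional DES crypt hash."""
    return [
        user for user, attribute, value in rows
        if attribute == "Crypt-Password" and DES_CRYPT_RE.fullmatch(value)
    ]


# First two rows mirror the radcheck table quoted in the thread; the third is
# a constructed placeholder in modular "$6$" (SHA-512 crypt) format.
SAMPLE_ROWS = [
    ("Chapsqluser", "User-Password", "chapsecret"),
    ("Papsqluser", "Crypt-Password", "/gTPHauHkNjWE"),
    ("Sha512user", "Crypt-Password", "$6$constructedsalt$" + "x" * 86),
]

if __name__ == "__main__":
    for candidate in ("papsecret", "papsecret43343", "papsecrX"):
        print(candidate, same_des_crypt_hash("papsecret", candidate))
    print("DES crypt entries:", audit_radcheck(SAMPLE_ROWS))
```

Accounts the audit returns accept any password that shares the stored password's first 8 characters, so they are candidates for re-hashing with a scheme that uses the whole password.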




More information about the Freeradius-Users mailing list