Storing hashes in MySQL when using MS_CHAP

Alan DeKok aland at deployingradius.com
Tue Mar 17 19:40:12 CET 2009


Yuriy Grishin wrote:
> Hello,
> 
>    I'm trying to conceal plain-text passwords from my radius.radcheck
> database in order to it'll be useless if it's stolen.

  That's admirable, but generally useless.  And often counter-productive.

> |  1 | user1    | Password-With-Header | := |
> {md5}c4ca4238a0b923820dcc509a6f75849b |

  MD5 hashed passwords...

> and raduis -X said :
...
> modcall: leaving group authorize (returns ok) for request 0
>  rad_check_password:  Found Auth-Type CHAP

  ... are incompatible with CHAP.

http://deployingradius.com/documents/protocols/compatibility.html

  What you want to do is impossible.  You MUST have the clear-text
passwords in the DB in order to do CHAP.

> It that possible to get hashed passwords together with MS_CHAP?

  You are doing CHAP, not MS-CHAP.  They are very different.

  Alan DeKok.



More information about the Freeradius-Users mailing list