freeradius+freebsd
James Devine
fxmulder at gmail.com
Thu Feb 4 16:45:23 CET 2010
the problem seems to be that getpwnam in rlm_unix is getting '*' for
the encrypted password when not running as root, this works fine if it
runs as root. Is there another way of retrieving the password from
the passwd file without having to run as root?
On Thu, Feb 4, 2010 at 1:10 AM, Alan DeKok <aland at deployingradius.com> wrote:
> James Devine wrote:
>> I'm trying to setup a freeradius server on freebsd7 to authenticate
>> against the local passwd file and seem to be running into some
>> problems.
>
>> and /etc/pam.d/radiusd setup such as:
>
> Err... why?
>
> You don't need to use PAM to authenticate against the password file.
>
>> ++[unix] returns updated
>
> i.e. it found the user via getpwent().
>
> And you haven't configured it to use PAM at all.
>
>> [pap] login attempt with password "testpass"
>> [pap] Using CRYPT encryption.
>> [pap] Passwords don't match
>
> Well... is there a user in /etc/passwd with that name && password?
>
>> The password is correct, I'm not sure if the CRYPT encryption method
>> is correct because I believe the passwords are stored as md5 hashes in
>> the passwd file, any idea where I may be going wrong?
>
> The passwords are likely stored as salted MD5 hashes.
>
> And the authentication is done by calling the crypt() function on your
> local system. Since the system supports MD5 passwords, crypt() should
> support them, too.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list