Authentication via SQL?
Alan DeKok
aland at deployingradius.com
Sun Jun 12 15:22:16 CEST 2011
Jason Antman wrote:
> I was wondering if it is possible to have a sql authenticate{} section,
> and if so, how to define the queries?

No.

> In the wiki, I find "Many people ask if they can "authenticate" users to
> their SQL database however the answer is "You are asking the wrong
> question." "
>
> So, my question is:
> "When doing PAP (actually EAP-TTLS/PAP, in my case), how do I check a
> user's cleartext User-Password against one stored in a MySQL database?"

You don't. FreeRADIUS selects the password from the database, and
then does authentication itself. Comparing the password manually works
*only* for PAP. If you use CHAP, MS-CHAP, etc. it won't work.

Let FreeRADIUS do its job. It's an authentication server. Let MySQL
do its job. It's a database.

Alan DeKok.
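
The split described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: the database only returns the stored password, and the server runs the protocol check, which is why an in-query comparison can only ever cover PAP. The simplified radcheck-style table, the sqlite3 stand-in for MySQL, the user and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for MySQL (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (username TEXT, attribute TEXT, value TEXT)")
    db.execute("INSERT INTO radcheck VALUES ('bob', 'Cleartext-Password', 'hello')")
    return db

def fetch_password(db, username):
    """The database's whole job: return the stored password for a user."""
    row = db.execute(
        "SELECT value FROM radcheck "
        "WHERE username = ? AND attribute = 'Cleartext-Password'",
        (username,)).fetchone()
    return row[0] if row else None

def sql_compare(db, username, submitted):
    """The 'authenticate in SQL' idea: compare the submitted value in the query."""
    row = db.execute(
        "SELECT 1 FROM radcheck WHERE username = ? AND value = ?",
        (username, submitted)).fetchone()
    return row is not None

def chap_response(chap_id, password, challenge):
    """CHAP response per RFC 1994: MD5(ID || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password.encode() + challenge).digest()

def server_check_pap(db, username, submitted):
    # PAP: the client sends the password, so a direct comparison is possible.
    known = fetch_password(db, username)
    return known is not None and hmac.compare_digest(
        known.encode(), submitted.encode())

def server_check_chap(db, username, chap_id, challenge, response):
    # CHAP: the client sends only a digest, so the server must fetch the
    # cleartext password and recompute the digest itself.
    known = fetch_password(db, username)
    if known is None:
        return False
    return hmac.compare_digest(
        chap_response(chap_id, known, challenge), response)
```

With CHAP the value on the wire is a per-challenge digest, so `sql_compare` has nothing it can match against the stored column, while `server_check_chap` succeeds from the same row.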