Re: Help: PAP with Sha1

vishal_nitr vishal_nitr at
Fri Apr 20 14:01:09 CEST 2012

Thanks for the mail Alan. I don't agree with your comment that it is *not* RADIUS if we choose SHA1 over MD5. RADIUS supports SHA1 hashed user-password attribute. Following link confirms it. have a look.

Thanks and Regards,

Vishal Kotalwar,


From: Alan DeKok <aland at>
Sent: Fri, 20 Apr 2012 17:07:45 
To: vishal_nitr at, FreeRadius users mailing list <freeradius-users at>
Subject: Re: Help: PAP with Sha1
vishal_nitr wrote:

>     I am using free-radius-2.1.12. My requirement is to change

> algorithms used in my project to FIPS complaint ones.

  That is changing the RADIUS protocol.  It won't be compatible with any

other RADIUS system on the planet.  Changing the protocol is not a good


> I see that radius

> uses MD5 for encoding/decoding passwords. I am using PAP authentication.

>     In my radius client I changed encoding to SHA1; due to which radius

> started rejecting auth requests saying password mismatch from rlm_pap

> which is obvious. 

>     I tried changing few things in lib/radius.c to SHA1 but with no success.

  This list isn't the place to ask questions about coding.  It's for

questions related to configuring FreeRADIUS.

  Coding questions normally belong on the freeradius-devel list.

However, because you're *not* using RADIUS, your coding questions don't

belong there.

  We can't help you change RADIUS.  I suggest debugging the program

yourself.  Standard C skills will help here.

  Alan DeKok.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list