Help: PAP with Sha1

alan buxey A.L.M.Buxey at
Fri Apr 20 14:08:02 CEST 2012

>    Thanks for the mail Alan. I don't agree with your comment that it is *not*
>    RADIUS if we choose SHA1 over MD5. RADIUS supports SHA1 hashed
>    user-password attribute. Following link confirms it.

are you talking about changing user passwords (as i first assumed) or are you talking
about changing the way RADIUS packets are passed (as Alan mentioned)?

if the former, then no code changes are needed on the takes SHA1 fine.

it you are talking about doing SHA1 for the shared secret - which then encrypts the
payload for passwords access-requests - then thats playing with RADIUS specification...
and if you are thinking of doing that then I'd say  STOP and use RADSEC instead.


More information about the Freeradius-Users mailing list