Hash/Salt password with mysql

Moataz Elmasry zaza1851983ml at googlemail.com
Mon Aug 10 23:23:00 CEST 2015 

No I didn't hex encode it.

I'm using a stock freeradius 2.1.12 coming with Ubuntu 14.04

The table has been created as follows:

This is the table schema

CREATE TABLE `accounts_dummy` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `username` varchar(45) NOT NULL,
  `hash` varchar(255) NOT NULL,
  `salt` varchar(45) NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `id_UNIQUE` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;


And insert the user as follows
echo "INSERT INTO `accounts_dummy` (`id`, `username`, `hash`, `salt`)
VALUES ('1', 'freddi', '$( echo -n "wilmaberlin" | openssl sha1)',
'berlin');" > insert_user.sql

After insertion I made sure that the sha1 in the db is:
ae5fb20004bd032779db7ecb7eda7973fa25d281





On Mon, Aug 10, 2015 at 9:44 PM, Arran Cudbard-Bell <
a.cudbardb at freeradius.org> wrote:

>
> > On Aug 10, 2015, at 3:38 PM, Moataz Elmasry <
> zaza1851983ml at googlemail.com> wrote:
> >
> > Hi Arran and thanks for the quick reply
> >
> > Unfortunately I can't seem to get it running, getting a "[pap] Passwords
> don't match"  error
> >
> > Here's the simplest example I could come up with:
> >
> > username: freddi
> > password: wilma
> > salt: berlin
> >
> > Then hashed the password+salt:
> >  echo -n "wilmaberlin" | openssl sha1
> > (stdin)= ae5fb20004bd032779db7ecb7eda7973fa25d281
> >
> >
> > In the users table, the hash is set to that sha1, while salt=berlin
> >
> > Then here's the configuration from sites-enabled/default:
> >
> > update control {
> >                 Tmp-String-0 := "%{sql:SELECT hash FROM accounts WHERE
> username = '%{User-Name}'}"
> >                 Tmp-String-1 := "%{sql:SELECT salt FROM accounts WHERE
> username = '%{User-Name}'}"
> >         }
> >
> >         update control {
> >                 SSHA-Password :=
> "%{control:Tmp-String-0}%{control:Tmp-String-1}"
> >         }
> >
> > I removed the 0x before the password value, so that it gets normalized
>
> Is the salt hex encoded also when it comes out of the db?
>
> -Arran
>
>

More information about the Freeradius-Users mailing list