MD5-Password attribute

Michael Hocke mh103 at
Mon May 16 17:08:28 CEST 2016

Hi everybody,

up until now we stored the base64_md5 formatted hash in MD5-Password. Then somebody came along whose hash starts with ‘0X’ and it broke the SQL module because it tried (and failed, of course) to convert the base64 string into hex since it starts with 0X and the type of the MD5-Password, as defined in the dictionary, is Octet. I believe this should be documented and the rlm_pap man page should not suggest that a base64 encoded MD5 hash can be stored in the MD5-Password attribute. Or maybe this is a bug and the conversion should work just fine?

What is a more favorable approach now? Using just the hex presentation of the hash and leave it in MD5-Password or rather use Password-With-Header and prepend {base64_md5}? Is one preferred over the other?


- Michael

More information about the Freeradius-Users mailing list