Hi,<div><span> I am using free-radius-2.1.12. My requirement is to change algorithms used in my project to FIPS complaint ones. I see that radius uses MD5 for encoding/decoding passwords. I am using PAP authentication.</span></div><div><span> In my radius client I changed encoding to SHA1; due to which radius started rejecting auth requests saying password mismatch from rlm_pap which is obvious. </span></div><div><span> I tried changing few things in lib/radius.c to SHA1 but with no success.</span></div><div><br></div><div>I ran radiusd with -X option and I saw following:</div><div><span style="background-color: rgb(182, 215, 168);">With MD5 from client</span>:</div><div><div><span> <span> </span></span>User-Name = "vishal"</div><div> Calling-Station-Id = "00-23-68-0F-1A-E6"</div><div> NAS-Port = 0</div><div> NAS-Port-Type = Wireless-802.11</div><div> Framed-MTU = 1400</div><div> Service-Type = Framed-User</div><div> NAS-IP-Address = 127.0.0.1</div><div> NAS-Identifier = "ap7131-0F1AE6"</div><div> NAS-Port-Id = "0"</div><div> <span style="background-color: rgb(255, 0, 0);">User-Password = "vishal123"</span></div><div><br></div><span style="background-color: rgb(182, 215, 168);">With SHA1 from client</span>:</div><div><span> <span> </span></span>User-Name = "vishal"<div> Calling-Station-Id = "00-23-68-0F-1A-E6"</div><div> NAS-Port = 0</div><div> NAS-Port-Type = Wireless-802.11</div><div> Framed-MTU = 1400</div><div> Service-Type = Framed-User</div><div> NAS-IP-Address = 127.0.0.1</div><div> NAS-Identifier = "ap7131-0F1AE6"</div><div> NAS-Port-Id = "0"</div><div> <span style="background-color: rgb(255, 0, 0);">User-Password = "\364~\224-\277\370R,\254\264\20517/\246&"</span></div><div><br></div><div><br></div><div>Please help me change MD5 to Sha1. A quick pointer or exact place to change will help a lot.</div><div><br></div>Thanks and Regards,<br>
Vishal Kotalwar,<br>Bangalore-35.<br>
09900055647.</div>
<br><a href='http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?'><img src="http://sigads.rediff.com/RealMedia/ads/adstream_nx.ads/www.rediffmail.com/signatureline.htm@Middle"></a><br><table width="578" border="0" cellspacing="0" cellpadding="0"><tbody><tr><td><span style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#393939;">Follow <span style="color:#0000CC;"><b><u><a href='http://track.rediff.com/click?url=___http://dealhojaye.rediff.com?sc_cid=rediffmailsignature___&cmp=signature&lnk=rediffmailsignature&newservice=deals'>Rediff Deal ho jaye!</a></u></b></span> to get exciting offers in your city everyday.</span></td></tr></tbody></table>
<br><A HREF="http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?" target="_blank"><IMG SRC="http://sigads.rediff.com/RealMedia/ads/adstream_nx.ads/www.rediffmail.com/signatureline.htm@Middle"></A><br><table width="578" border="0" cellspacing="0" cellpadding="0"><tr><td><span style="font-family:Arial, Helvetica, sans-serif; font-size:12px; color:#393939;">Follow <span style="color:#0000CC;"><b><u><a href="http://track.rediff.com/click?url=___http://dealhojaye.rediff.com?sc_cid=rediffmailsignature___&cmp=signature&lnk=rediffmailsignature&newservice=deals" target="_blank">Rediff Deal ho jaye!</a></u></b></span> to get exciting offers in your city everyday.</span></td></tr></table>