17 Jul
2013
17 Jul
'13
3:06 a.m.
Or do I still have to change my encoding of the hashes from base64 to hex in the DB attribute's value, and *additionally* use the string cast later on in rlm_pap to prevent any further touching of the hash value?
In any case, let me know when there's something to test in 2.x.x.
The solution I posted earlier should work fine: update control { SSHA1-Password = "%{base64tohex:SSHA1-Password-Base64}" } You will need to define the local string attribute 'SSHA1-Password-Base64' and change the attribute in the database. The worry was normification could potentially mangle the binary version of the password further, hence the additional discussion around disabling it. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team