Matt / Development Team, Would it be possible to integrate Salted SHA-512 into freeradius. I did speak with our contact with the PCI Compliance team and they are saying that the information has to be SHA-512/Salted... In the next few years they are talking about SHA-3 if it gets finalized. I would really appreciate if someone on the team could do this :) Robert Graham Network Engineer U-Haul International 2727 N. Central Ave Phoenix, AZ 85004 FreeRadius users mailing list <freeradius-users@lists.freeradius.org> writes:
On Mon, Jan 12, 2015 at 04:29:27PM -0700, Robert Graham wrote:
This is what I have but yet I know it is incorrect. I dont want to use any groups, it is strictly for someone to logon to our vpn and wireless connections. The passwords are stored in SHA-512 with Salt and unicoding.
Just be aware that if your passwords are SHA-512 you're limiting wireless authentication to something that involves PAP (e.g. EAP/TTLS-PAP), which e.g Windows<8.0 doesn't support natively.
Then you're down to something like Arran suggested
in inner-tunnel authorize:
update control { SHA2-Password := "%{sql:SELECT password FROM table WHERE ...}" } pap
Matthew
-- Matthew Newton, Ph.D. <mcn4@le.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html