On 15 August 2012, at 14:23, Fajar A. Nugraha wrote:
On Thu, Aug 16, 2012 at 3:40 AM, Robert Haskins <robert.haskins@gmail.com> wrote:
I get a reject, even though the crypt'd passwords match!
That's not how crypt works. You don't compare the crypted password.
[pap] login attempt with password "krt444"
that is what the user sends
[pap] Using CRYPT password "*3u.3LS/VKTOVc"
that is what FR reads from whatever backend which stores user information (in your case, should be the unix module)
The crypt'd password ("*3u.3LS/VKTOVc") is exactly what is in the /etc/shadow file.
because that's where FR reads it from, of course it's the same.
So I am confident the shared secret is correct.
Shared secret has nothing to do with your problem.
What am I doing wrong?
Simple. Is "krt444" the correct password? FR says it's not.
I don't know for sure about your system, but most Unix based systems will not generate a * in the encrypted password. Normally that is used to indicate a locked or disabled account. From the FreeBSD man pages: A password of `*' indicates that password authentication is disabled for that account (logins through other forms of authentication, e.g., using ssh(1) keys, will still work). The field only contains encrypted pass- words, and `*' can never be the result of encrypting a password. You might want to try reentering that password or check your man pages.