On Jun 18, 2016, at 12:35 PM, Nicolas Roussi <nicolas.roussi@archimedean.org> wrote:
My understanding after reviewing the debug messages is that upon association with the AP, the client performs a key exchange with FR server. Then, once the secure channel is setup, the client is asked to provide username and password. Is my understanding correct? I used this guide: https://sites.google.com/site/strangemovement/raspberry-pi/04---install-and-... <https://sites.google.com/site/strangemovement/raspberry-pi/04---install-and-configure-wpa2-enterprise>
That password is expected (or it defaults to) Cleartext-Password. Is there a way that I can change that? As I said before, it works. I just don’t feel comfortable saving user passwords in cleartext in my DB.
So while I was writing the above reply, I thought of the following. I will save the password in the DB like this: username | attribute | op | value <username> | Cleartext-Password | := | <hashed password>
Don't do that. Cleartext-Password is the CLEAR TEXT PASSWORD.
And then modify the dialup.conf file for the authorize_check_query.
Don't do that, either.
Should work fine.
It might "work". It's not a reasonable thing to do. If you want to store hashed passwords in the database, read "man rlm_pap". This is documented. Alan DeKok.