Attached is a minor patch to include support for BASE64_MD5 encoded passwords in a LDAP directory (or anywhere else it may be, as the pap module does the authenticate).
In ldap the record would look like:
userPassword: {BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA==
If the password was helloworld
Thankfully the pap module is clever enough to normalize the password from Base64 encoding automatically so the BASE64_MD5 tag just needed to be added under header_names array, and then do the MD5. So no code change was really required.
The debug trace shows:
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA=="
[ldap] looking for reply items in directory...
[ldap] user peterltest authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "helloworld"
[pap] Using MD5 encryption.
[pap] Normalizing MD5-Password from base64 encoding
[pap] User authenticated successfully
++[pap] returns ok
Cheers
Peter