Thank you Alan for your reply. Changing the passwords to clear-text is not an option ofcourse and we do Wi-Fi. Assuming we want to start using the SQL authorization with sha512 (with hash). How do I implement the SQL query to check for sha512 password using the correct hash? Thanks On Fri, Apr 5, 2019 at 4:29 PM Alan DeKok <aland@deployingradius.com> wrote:
On Apr 5, 2019, at 11:22 AM, Ekene Ezeasor <ezeasorekene@gmail.com> wrote:
Please our users' password are encrypted using crypt() (blowfish) function in PHP. Now I want to use password_verify() to check the submitted password and I intend doing that in PHP. I have updated my authorize section to use the external PHP script like this:
update control { Auth-type := "/usr/bin/php -f /etc/freeradius/3.0/php/checkpassword.php %{User-Name} %{User-Password}" &Proxy-To-Realm := LOCAL }
But only the username is sent to the external PHP file. The password is empty.
If you're using WiFi, the User-Password won't exist. See the debug output for more information.
We are already running a large database and it may not be easy to change to another encryption method. Therefore this is very important and we really need to implement it.
See:
http://deployingradius.com/documents/protocols/compatibility.html
The clients will need to do TTLS with inner-tunnel PAP. Everything else won't work.
Your choices are:
* use TTLS with inner PAP * don't do WiFi * change all the passwords in the database to clear-text
Pick one.
Alan DeKok
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html