6 Apr
2019
6 Apr
'19
2:29 p.m.
Hi Uchenna,
Thanks for your tip. Let me explain our scenario.
We have our users created and managed using our custom made PHP
application. The username pattern is user@domain.edu and the password is
encrypted using PHP's function crypt() with a blowfish hash ($2y$....). We
have SimpleSAMLphp implementation where all users authenticate using our
SAML IdP. Because SimpleSAMLphp was done in PHP, it was easy for me to
integrate password_verify() to verify passwords supplied by the user.
Now we are trying to implement eduroam. We do not intend creating different
set of users since we already have a database (MySQL). So my worry and
problem now is:-
1. - How do I authenticate users using a PHP script that will verify
supplied passwords using password_verify()
2. - In the case where the above is not obtainable in freeradius, how can I
structure my MySQL database with regards to password encryption and
3. - What is the correct SQL code to use to effectively verify user
passwords to achieve no. 2 above.
Thank you.
On Fri, 5 Apr 2019, 10:23 pm Uchenna Nebedum, <nebeduch@gmail.com> wrote:
> Hi Ekene,
> I think if you explain the entire scenario and what you're trying to
> achieve, they'll be able to help.
>
> I currently have an external application connected to freeradius, but what
> i do is entirely different.
>
> I authenticate users on the application separately, but i don't use the
> password they provide as the radius password, it's generated with a formula
> and SMD5-encrypted.
>
> something like usermac + last 2 letters of first name + last 4 digits of
> phone number. Then salted and encrypted and stored in Freeradius.
>
> Uchenna Nebedum
>
> On Fri, Apr 5, 2019, 16:23 Ekene Ezeasor <ezeasorekene@gmail.com> wrote:
>
> > Hi all,
> >
> > Please our users' password are encrypted using crypt() (blowfish)
> function
> > in PHP. Now I want to use password_verify() to check the submitted
> password
> > and I intend doing that in PHP. I have updated my authorize section to
> use
> > the external PHP script like this:
> >
> > update control {
> > Auth-type := "/usr/bin/php -f
> > /etc/freeradius/3.0/php/checkpassword.php %{User-Name} %{User-Password}"
> > &Proxy-To-Realm := LOCAL
> > }
> >
> > But only the username is sent to the external PHP file. The password is
> > empty.
> >
> > We are already running a large database and it may not be easy to change
> to
> > another encryption method. Therefore this is very important and we really
> > need to implement it.
> >
> > Please can someone help. Thanks. Regards
> >
> >
> >
> > ___________________________
> > Ekene Ezeasor
> > IT Consultant,
> > Codee Solutions
> > *Phone*: 08063961963
> > *Web*: www.codeeltd.com
> > ------------------------------
> >
> > *DISCLAIMER NOTICE:*
> > *This e-mail, any attachments thereto and response string is intended
> > solely for the attention and use of the addressee(s) named herein and may
> > contain legally privileged and/or confidential information. In the event
> > that you are not the intended recipient(s) of this e-mail and any
> > attachments thereto, be notified that any dissemination, distribution or
> > copying of this e-mail and any attachments thereto, is strictly
> prohibited.
> > If you have received or otherwise encountered this e-mail in error,
> please
> > immediately notify the sender and permanently delete the e-mail, any
> > attachments and response string as well as any copy printout in
> connection
> > therewith.*
> > ------------------------------
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html