Hi all. I set up a squid installation which asks for credentials to a freeradius server (with MySql DB), using squid_radius_auth. Everything works with cleartext passwords, having two entries like the following on radcheck table: id username attribute op value 1 user Cleartext-Password := password 2 user Expiration := June 30 2015 14:7:8 I'm trying to understand how can I use digest authentication: is it possible? What should I change in freeradius configuration? How should I modify user entry in radcheck table? Thanks in advance. Regards. -- GP
Dear Community of FreeRadius Greetings, i am not new to open source Linux / Unix system but new to FreeRadius. Have anyone got FreeRadius AAA running in fail over mode (replication)? it is possible to download .ovf template from some where, already configured up and running FreeRadius? Thanks / Regards Nath
Germano Paciocco wrote:
I'm trying to understand how can I use digest authentication: is it possible?
Yes.
What should I change in freeradius configuration?
Nothing. Just have the client send digest authentication.
How should I modify user entry in radcheck table?
Don't. Alan DeKok.
Alan DeKok wrote:
I'm trying to understand how can I use digest authentication: is it possible? Yes.
very good!
What should I change in freeradius configuration?
Nothing. Just have the client send digest authentication.
I think all recent browsers do it, is it right?
How should I modify user entry in radcheck table?
Don't.
Now I think it's a Squid problem. I know this is not the right place, but if someone has some hints regarding squid-freeradius interaction with digest authentication, please let me know! PS: i followed this http://freeradius.org/radiusd/man/rlm_digest.html, and made digest auth works. By the way I thought that I had to store only password hash... why do I need yet to store cleartext password? It is possible avoid this (for http authentication)? -- GP
Germano Paciocco wrote:
I think all recent browsers do it, is it right?
The browsers don't do RADIUS. You need to ensure that squid does RADIUS.
How should I modify user entry in radcheck table?
Don't.
Now I think it's a Squid problem. I know this is not the right place, but if someone has some hints regarding squid-freeradius interaction with digest authentication, please let me know!
Read the squid documentation.
PS: i followed this http://freeradius.org/radiusd/man/rlm_digest.html, and made digest auth works. By the way I thought that I had to store only password hash... why do I need yet to store cleartext password?
Because digest authentication requires the cleartext password.
It is possible avoid this (for http authentication)?
No. Alan DeKok.
participants (3)
-
Alan DeKok -
Germano Paciocco -
Shiv. Nath