Hi, I set PAP module as below. In my DB, user attribute is User-Password. Value of User-Password is an MD5 or CRYPT password. Shouldn't auto-header=yes able to detect the encryption scheme used in the password? What will the auto-header setting for if I still have to specifically set attributes such as MD5-Password or Cleartext-Password, etc. pap { auto_header = yes } thanks, det
That would depend on whether you've add the correct header to the hash :) /* * For auto-header discovery. */ static const FR_NAME_NUMBER header_names[] = { { "{clear}", PW_CLEARTEXT_PASSWORD }, { "{cleartext}", PW_CLEARTEXT_PASSWORD }, { "{md5}", PW_MD5_PASSWORD }, { "{smd5}", PW_SMD5_PASSWORD }, { "{crypt}", PW_CRYPT_PASSWORD }, { "{sha}", PW_SHA_PASSWORD }, { "{ssha}", PW_SSHA_PASSWORD }, { "{nt}", PW_NT_PASSWORD }, { "{nthash}", PW_NT_PASSWORD }, { "{x-nthash}", PW_NT_PASSWORD }, { "{ns-mta-md5}", PW_NS_MTA_MD5_PASSWORD }, { "{x- orcllmv}", PW_LM_PASSWORD }, { "{X- ORCLNTV}", PW_NT_PASSWORD }, { NULL, 0 } }; -Arran On 22 Aug 2011, at 11:46, Det Det wrote:
Hi,
I set PAP module as below. In my DB, user attribute is User-Password. Value of User-Password is an MD5 or CRYPT password. Shouldn't auto-header=yes able to detect the encryption scheme used in the password? What will the auto-header setting for if I still have to specifically set attributes such as MD5-Password or Cleartext-Password, etc.
pap { auto_header = yes }
thanks, det - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@freeradius.org RADIUS - Half the complexity of Diameter
* added, And no you shouldn't need to use auto-hearder if you've set the appropriate password attribute. The recommended way is to prepend the headers, and use auto_header as its more flexible, and allows you to migrate between hash schemes non disruptively. -Arran On 22 Aug 2011, at 12:00, Arran Cudbard-Bell wrote:
That would depend on whether you've add the correct header to the hash :)
/* * For auto-header discovery. */ static const FR_NAME_NUMBER header_names[] = { { "{clear}", PW_CLEARTEXT_PASSWORD }, { "{cleartext}", PW_CLEARTEXT_PASSWORD }, { "{md5}", PW_MD5_PASSWORD }, { "{smd5}", PW_SMD5_PASSWORD }, { "{crypt}", PW_CRYPT_PASSWORD }, { "{sha}", PW_SHA_PASSWORD }, { "{ssha}", PW_SSHA_PASSWORD }, { "{nt}", PW_NT_PASSWORD }, { "{nthash}", PW_NT_PASSWORD }, { "{x-nthash}", PW_NT_PASSWORD }, { "{ns-mta-md5}", PW_NS_MTA_MD5_PASSWORD }, { "{x- orcllmv}", PW_LM_PASSWORD }, { "{X- ORCLNTV}", PW_NT_PASSWORD }, { NULL, 0 } };
-Arran
On 22 Aug 2011, at 11:46, Det Det wrote:
Hi,
I set PAP module as below. In my DB, user attribute is User-Password. Value of User-Password is an MD5 or CRYPT password. Shouldn't auto-header=yes able to detect the encryption scheme used in the password? What will the auto-header setting for if I still have to specifically set attributes such as MD5-Password or Cleartext-Password, etc.
pap { auto_header = yes }
thanks, det - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@freeradius.org
RADIUS - Half the complexity of Diameter
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@freeradius.org RADIUS - Half the complexity of Diameter
Yeah, perhaps, the header was not in the password value. I use dialup-admin and MySQL. Anyway, I ended up using the specific password attribute "Crypt-Password" instead of "User-Password". the debug from freeradius shows this. so i guess could be the password storage as you said. Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = yes } ________________________________ From: Arran Cudbard-Bell <a.cudbardb@freeradius.org> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Cc: Det Det <det.explorer@yahoo.com> Sent: Monday, August 22, 2011 6:16 PM Subject: Re: PAP Auto Header * added, And no you shouldn't need to use auto-hearder if you've set the appropriate password attribute. The recommended way is to prepend the headers, and use auto_header as its more flexible, and allows you to migrate between hash schemes non disruptively. -Arran On 22 Aug 2011, at 12:00, Arran Cudbard-Bell wrote: That would depend on whether you've add the correct header to the hash :)
/* * For auto-header discovery. */ static const FR_NAME_NUMBER header_names[] = { { "{clear}", PW_CLEARTEXT_PASSWORD }, { "{cleartext}", PW_CLEARTEXT_PASSWORD }, { "{md5}", PW_MD5_PASSWORD }, { "{smd5}", PW_SMD5_PASSWORD }, { "{crypt}", PW_CRYPT_PASSWORD }, { "{sha}", PW_SHA_PASSWORD }, { "{ssha}", PW_SSHA_PASSWORD }, { "{nt}", PW_NT_PASSWORD }, { "{nthash}", PW_NT_PASSWORD }, { "{x-nthash}", PW_NT_PASSWORD }, { "{ns-mta-md5}", PW_NS_MTA_MD5_PASSWORD }, { "{x- orcllmv}", PW_LM_PASSWORD }, { "{X- ORCLNTV}", PW_NT_PASSWORD }, { NULL, 0 } };
-Arran
On 22 Aug 2011, at 11:46, Det Det wrote:
Hi,
I set PAP module as below. In my DB, user attribute is User-Password. Value of User-Password is an MD5 or CRYPT password. Shouldn't auto-header=yes able to detect the encryption scheme used in the password? What will the auto-header setting for if I still have to specifically set attributes such as MD5-Password or Cleartext-Password, etc.
pap { auto_header = yes }
thanks, det- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@freeradius.org
RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell a.cudbardb@freeradius.org RADIUS - Half the complexity of Diameter
participants (2)
-
Arran Cudbard-Bell -
Det Det