Currently running FreeRADIUS Version 3.0.15 and looking for confirmation of SHA3 support as I found this page (https://freeradius.org/radius d/man/rlm_pap.html) that has SHA3 listed, but when I run man rlm_pap I have significantly fewer options. Just wanted to confirm if support for SHA3 in FreeRADIUS is available yet? My "man rlm_pap" below. rlm_pap(5) FreeRADIUS Module rlm_pap(5) NAME rlm_pap - FreeRADIUS Module DESCRIPTION The rlm_pap module authenticates RADIUS Access-Request packets that contain a User-Password attribute. The module should also be listed last in the authorize section, so that it can set the Auth-Type attribute as appropriate. When a RADIUS packet contains a clear-text password in the form of a User-Password attribute, the rlm_pap module may be used for authentication. The module requires a "known good" password, which it uses to validate the password given in the RADIUS packet. That "known good" password must be supplied by another module (e.g. rlm_files, rlm_ldap, etc.), and is usually taken from a database. CONFIGURATION The only configuration item is: normalise The default is "yes". This means that the module will try to automatically detect passwords that are hex- or base64-encoded and decode them back to their binary representation. However, some clear text passwords may be erroneously converted. Setting this to "no" prevents that conversion. USAGE The module looks for the Password-With-Header control attribute to find the "known good" password. The attribute value comprises the header followed immediately by the password data. The header is given by the following table. Header Attribute Description ------ --------- ----------- {clear} Cleartext-Password clear-text passwords {cleartext} Cleartext-Password clear-text passwords {crypt} Crypt-Password Unix-style "crypt"ed passwords {md5} MD5-Password MD5 hashed passwords {base64_md5} MD5-Password MD5 hashed passwords {smd5} SMD5-Password MD5 hashed passwords, with a salt {sha} SHA-Password SHA1 hashed passwords SHA1-Password SHA1 hashed passwords {ssha} SSHA-Password SHA1 hashed passwords, with a salt SSHA1-Password SHA1 hashed passwords, with a salt {ssh2} SHA2-Password SHA2 hashed passwords {ssh256} SHA2-Password SHA2 hashed passwords {ssh512} SHA2-Password SHA2 hashed passwords {nt} NT-Password Windows NT hashed passwords {nthash} NT-Password Windows NT hashed passwords {x-nthash} NT-Password Windows NT hashed passwords {ns-mta-md5} NS-MTA-MD5-Password Netscape MTA MD5 hashed passwords {x- orcllmv} LM-Password Windows LANMAN hashed passwords {X- orclntv} LM-Password Windows LANMAN hashed passwords *--* *Rashad Hall* Jr. Network Engineer | *Zayo Group* O: +1 858.836.0202 <(858)%20836-0202> 12270 World Trade Drive Suite #100 | San Diego, CA 92128 Mission <http://www.zayo.com/company/about-zayo/> | Network Map <http://www.zayo.com/solutions/global-network/> | LinkedIn <https://www.linkedin.com/company/zayo-group> | Twitter <https://twitter.com/zayogroup>
On Feb 10, 2018, at 1:59 AM, Rashad Hall <rashad.hall@zayo.com> wrote:
Currently running FreeRADIUS Version 3.0.15 and looking for confirmation of SHA3 support as I found this page (https://freeradius.org/radius d/man/rlm_pap.html) that has SHA3 listed, but when I run man rlm_pap I have significantly fewer options. Just wanted to confirm if support for SHA3 in FreeRADIUS is available yet?
In v3, rlm_pap doesn't support SSHA3.
My "man rlm_pap" below.
PLEASE don't post this to the list. We already know what that file says. There is *zero* benefit to anyone in posting it. SSHA3 has been added to the v4.0.x branch. If you need it in v3, you're welcome to back-port the changes, and file a github pull request. Alan DeKok.
On Feb 10, 2018, at 1:44 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 10, 2018, at 1:59 AM, Rashad Hall <rashad.hall@zayo.com> wrote:
Currently running FreeRADIUS Version 3.0.15 and looking for confirmation of SHA3 support as I found this page (https://freeradius.org/radius d/man/rlm_pap.html) that has SHA3 listed, but when I run man rlm_pap I have significantly fewer options. Just wanted to confirm if support for SHA3 in FreeRADIUS is available yet?
In v3, rlm_pap doesn't support SSHA3.
OpenSSL doesn't even support SHA3 yet! It's in the master branch but the code hasn't made it into a released version. Why do you want/need SHA3 support? -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
I have users in the users file with clear-text passwords and was instructed to secure the passwords within the file. I have ended up storing the passwords as Salted SHA1 hashes. Any feedback would be appreciated. Thank you. *--* *Rashad Hall* Jr. Network Engineer | *Zayo Group* O: +1 858.836.0202 <(858)%20836-0202> 12270 World Trade Drive Suite #100 | San Diego, CA 92128 Mission <http://www.zayo.com/company/about-zayo/> | Network Map <http://www.zayo.com/solutions/global-network/> | LinkedIn <https://www.linkedin.com/company/zayo-group> | Twitter <https://twitter.com/zayogroup> On Sat, Feb 10, 2018 at 8:47 AM, Arran Cudbard-Bell < a.cudbardb@freeradius.org> wrote:
On Feb 10, 2018, at 1:44 PM, Alan DeKok <aland@deployingradius.com> wrote:
On Feb 10, 2018, at 1:59 AM, Rashad Hall <rashad.hall@zayo.com> wrote:
Currently running FreeRADIUS Version 3.0.15 and looking for
confirmation of
SHA3 support as I found this page (https://freeradius.org/radius d/man/rlm_pap.html) that has SHA3 listed, but when I run man rlm_pap I have significantly fewer options. Just wanted to confirm if support for SHA3 in FreeRADIUS is available yet?
In v3, rlm_pap doesn't support SSHA3.
OpenSSL doesn't even support SHA3 yet! It's in the master branch but the code hasn't made it into a released version.
Why do you want/need SHA3 support?
-Arran
Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html
On Feb 12, 2018, at 6:16 AM, Rashad Hall <rashad.hall@zayo.com> wrote:
I have users in the users file with clear-text passwords and was instructed to secure the passwords within the file. I have ended up storing the passwords as Salted SHA1 hashes. Any feedback would be appreciated. Thank you.
Ah so you want SHA3 because 3 > 1, ok. -Arran
participants (3)
-
Alan DeKok -
Arran Cudbard-Bell -
Rashad Hall