Salted SHA3 Support
Rashad Hall
rashad.hall at zayo.com
Sat Feb 10 07:52:56 CET 2018
Sorry, I'm an idiot, this is not the list I should post to. Please remove.
*--*
*Rashad Hall*
Jr. Network Engineer | *Zayo Group*
O: +1 858.836.0202 <(858)%20836-0202>
12270 World Trade Drive Suite #100 | San Diego, CA 92128
Mission <http://www.zayo.com/company/about-zayo/> | Network Map
<http://www.zayo.com/solutions/global-network/> | LinkedIn
<https://www.linkedin.com/company/zayo-group> | Twitter
<https://twitter.com/zayogroup>
On Fri, Feb 9, 2018 at 10:27 PM, Rashad Hall <rashad.hall at zayo.com> wrote:
> Currently running FreeRADIUS Version 3.0.15 and looking for confirmation
> of SHA3 support as I found this page (https://freeradius.org/
> radiusd/man/rlm_pap.html) that has SHA3 listed, but when I run man
> rlm_pap I have significantly fewer options. Just wanted to confirm if
> support for SHA3 in FreeRADIUS is available yet? My "man rlm_pap" below.
>
> rlm_pap(5) FreeRADIUS Module
> rlm_pap(5)
>
>
>
> NAME
> rlm_pap - FreeRADIUS Module
>
> DESCRIPTION
> The rlm_pap module authenticates RADIUS Access-Request packets that
> contain a User-Password attribute. The module should also be listed
> last in the authorize section, so that it can set the Auth-Type
> attribute as appropriate.
>
> When a RADIUS packet contains a clear-text password in the form of a
> User-Password attribute, the rlm_pap module may be used for
> authentication. The module requires a "known good" password, which
> it
> uses to validate the password given in the RADIUS packet. That
> "known
> good" password must be supplied by another module (e.g. rlm_files,
> rlm_ldap, etc.), and is usually taken from a database.
>
> CONFIGURATION
> The only configuration item is:
>
> normalise
> The default is "yes". This means that the module will try to
> automatically detect passwords that are hex- or
> base64-encoded
> and decode them back to their binary representation.
> However,
> some clear text passwords may be erroneously converted.
> Setting
> this to "no" prevents that conversion.
>
> USAGE
> The module looks for the Password-With-Header control attribute to
> find
> the "known good" password. The attribute value comprises the header
> followed immediately by the password data. The header is given by
> the
> following table.
>
>
> Header Attribute Description
> ------ --------- -----------
> {clear} Cleartext-Password clear-text passwords
> {cleartext} Cleartext-Password clear-text passwords
> {crypt} Crypt-Password Unix-style "crypt"ed
> passwords
> {md5} MD5-Password MD5 hashed passwords
> {base64_md5} MD5-Password MD5 hashed passwords
> {smd5} SMD5-Password MD5 hashed passwords, with
> a salt
> {sha} SHA-Password SHA1 hashed passwords
> SHA1-Password SHA1 hashed passwords
> {ssha} SSHA-Password SHA1 hashed passwords, with
> a salt
> SSHA1-Password SHA1 hashed passwords, with
> a salt
> {ssh2} SHA2-Password SHA2 hashed passwords
> {ssh256} SHA2-Password SHA2 hashed passwords
> {ssh512} SHA2-Password SHA2 hashed passwords
> {nt} NT-Password Windows NT hashed passwords
> {nthash} NT-Password Windows NT hashed passwords
> {x-nthash} NT-Password Windows NT hashed passwords
> {ns-mta-md5} NS-MTA-MD5-Password Netscape MTA MD5 hashed
> passwords
> {x- orcllmv} LM-Password Windows LANMAN hashed
> passwords
> {X- orclntv} LM-Password Windows LANMAN hashed
> passwords
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-announce/attachments/20180209/4f762c0e/attachment-0001.html>
More information about the Freeradius-Announce
mailing list