Support for other hash (like MD5, SHA1) using MSCHAPv2
Brivaldo Junior
brivaldo.junior at ufms.br
Wed Feb 2 15:31:19 CET 2011
We use OpenLDAP here, and have many users with many userPassword fields, each one with one hash like MD5, SHA1, SSHA, SMD5 and others. Using PAP, it works perfectly, but we want to use MSCHAPv2 because it works with a simple configuration (thinking of the user side) on Windows, Mac OS X and sometimes Linux too.

I read rlm_mschap.c and see that the code uses SMB (using the domain directly, or the ClearText password to generate the NTLM encoding, or Apple's OD, right?), but I need to authenticate using OpenLDAP and these hashes (we have an IdP using Shibboleth with this OpenLDAP too, but I am not sure if it is possible to use it for authentication purposes with FreeRADIUS).

Is there an explanation for why this doesn't exist, or is it only because it isn't implemented yet? We are thinking of using the PAP code implementation to help with our modification, as long as, of course, that kind of modification doesn't represent a problem for the rlm_mschap.c module.

Our idea is to get the ClearText decoded from the MSCHAP connection (get this information) and encode it using OpenSSL (the same way as is done for PAP) to check whether the hashes are the same as those obtained from OpenLDAP.

Regards,
--
Brivaldo Junior/DIGR/NIN