Support for other hash (like MD5, SHA1) using MSCHAPv2
Brivaldo Junior
brivaldo.junior at ufms.br
Wed Feb 2 17:46:11 CET 2011
> Brivaldo Junior wrote:
>> We use OpenLDAP here, and have many users with many fields
> userPassword
>> each one with one hash like, MD5, SHA1, SSHA, SMD5 and others. Using
>> PAP, work perfect, but, we want to use MSCHAPv2 because work with
>> simple conf (thinking on user side) on Windows, MacOSX and sometimes
>> Linux too.
> http://deployingradius.com/documents/protocols/compatibility.html [1]
>
I read this... ok.
>> Our idea is to get ClearText decoded on MSCHAP connection (get this
>> information) and encode using OpenSSL (same form used on PAP) to
>> check
>> if hashes are the same of which were obtained from OpenLDAP.
> It's impossible. Alan DeKok.
I really try to understand why it's impossible, because another
softwares
like dovecot and postfix do this. I imagine, the FreeRadius work with
auth using another form (OpenLDAP is used do retrieve information, not
to parse or auth, and of course, I see this enviroment on FreeRadius,
and like it).
Get information of OpenLDAP, encode password from user, and compare
each other,
this idea is so simple, of course, on simple enviroment too. On
this case, I will use the "hard way", to understand why it's
impossible.
Thanks for information Alan,
Brivaldo Jr
More information about the Freeradius-Devel
mailing list