2.x.x (and earlier?): yet another decoding SSHA issue
stefan.winter at restena.lu
Wed Jul 17 08:07:43 CEST 2013
>>> Is it possible to add a qualifier indicating the format of the item,
>>> e.g. base64, hex, etc.?
>> You could use as part of the attribute name to indicate a cast.
>> <string>SSHA-Password := <hash>
>> But it's still awful.
>> Anyway Stefan's point about SSHA is correct. Maybe an option to
>> turn off the normalisation done by rlm_pap would be useful.
> Having rehashed the rlm_pap code for v3, I'd question anyone's
> sanity wanting to touch the v2 code... I'm still in recovery :-)
> I've done a pull request for v3 that adds this option. It
> compiles, but I've not tested it yet.
Maybe I'm looking at this from a wrong angle, but... the breakage occurs
long before rlm_pap gets its hand on it. If you check the original error
message that I posted, this is a
[sql-imap-hash] SQL query error; rejecting user
So it never gets past the SQL instance.
So... does this mean my SQL table in the DB should swap SSHA1-Password
Or do I still have to change my encoding of the hashes from base64 to
hex in the DB attribute's value, and *additionally* use the string cast
later on in rlm_pap to prevent any further touching of the hash value?
In any case, let me know when there's something to test in 2.x.x.
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
Tel: +352 424409 1
Fax: +352 422473
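
Added example, not part of the original thread and not FreeRADIUS code: why a stored SSHA value needs an explicit encoding qualifier rather than a guess. It assumes the usual SSHA layout (SHA-1 of password plus salt, followed by the salt); all function names and the sample password and salt are hypothetical and constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password: bytes, salt: bytes) -> bytes:
    """Raw SSHA value: SHA1(password + salt) followed by the salt."""
    return hashlib.sha1(password + salt).digest() + salt


def decode_ssha(value: str, encoding: str) -> bytes:
    """Decode using an explicit qualifier instead of guessing the format."""
    if encoding == "hex":
        raw = binascii.unhexlify(value)
    elif encoding == "base64":
        raw = base64.b64decode(value, validate=True)
    else:
        raise ValueError("unknown encoding qualifier: " + encoding)
    if len(raw) < SHA1_LEN:
        raise ValueError("too short to hold a SHA-1 digest")
    return raw


def check_ssha(password: bytes, value: str, encoding: str) -> bool:
    """Split digest and salt, recompute, and compare in constant time."""
    raw = decode_ssha(value, encoding)
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def plausible_encodings(value: str) -> list:
    """Every encoding under which the value parses as digest plus salt."""
    found = []
    for enc in ("hex", "base64"):
        try:
            decode_ssha(value, enc)
            found.append(enc)
        except ValueError:  # binascii.Error is a subclass of ValueError
            pass
    return found


# Constructed sample data (not taken from the thread).
PASSWORD = b"example-password"
RAW = make_ssha(PASSWORD, b"\x01\x02\x03\x04")
B64_VALUE = base64.b64encode(RAW).decode("ascii")
HEX_VALUE = RAW.hex()
```

The hex form uses only characters from the base64 alphabet and its length is a multiple of four, so it also parses as base64 into different bytes; only the explicit qualifier makes the check succeed.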