2.x.x (and earier?): yet another decoding SSHA issue

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Jul 17 09:06:19 CEST 2013

> Or do I still have to change my encoding of the hashes from base64 to
> hex in the DB attribute's value, and *additionally* use the string cast
> later on in rlm_pap to prevent any further touching of the hash value?
> In any case, let me know when there's something to test in 2.x.x.

The solution I posted earlier should work fine:

update control {
	SSHA1-Password = "%{base64tohex:SSHA1-Password-Base64}"

You will need to define the local string attribute 'SSHA1-Password-Base64' and change the attribute in the database. 

The worry was normification could potentially mangle the binary version of the password further, hence the additional discussion around disabling it.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

More information about the Freeradius-Devel mailing list