Help for PHP based authentication

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jun 3 12:35:59 CEST 2014


On 3 Jun 2014, at 11:32, Javed Akhtar <javed at gowifi.in> wrote:

> Hello i am trying to setup a basic authentication for users against the php script
> with the config bellow(removed functional things and showed reply only as example)
> 
> i am getting the error
> 
> Exec-Program output: user_name     Cleartext-Password := "pass"
> Exec-Program-Wait: plaintext: user_name     Cleartext-Password := "pass"
> Exec-Program: returned: 0
> ++[php_check] returns ok
> [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> 
> 
> PLEASE SUGGEST ME THE CHANGES NEEDED
> 
> the module php looks like this
> exec php_check{
>         wait = yes
>         program = "/usr/bin/php -f /var/rad_check.php  %{Called-Station-Id} %{User-Name} %{User-Password}"
>         input_pairs = request
>         output_pairs = config
>         shell_escape = yes
> }
> 
> php script is like this
> <?php
> 	echo 'user_name     Cleartext-Password := "pass"';
> ?>
> 
> radiusd.conf is like this
> authorize {
> php_check
> }
> authenticate {
> 	 Auth-Type PAP {
> 		pap
> 	 }
> }
> 

Um, what's the 'user_name    ' part for? and I know you're doing it for convenience, but learn a real programming language. PHP should have no role to play in anything security related, we've rejected native rlm_php modules before on those grounds.

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140603/e19a401d/attachment.pgp>


More information about the Freeradius-Devel mailing list