Crypted Password Problem with DIGEST

Philippe Sultan philippe.sultan at gmail.com
Mon Oct 10 18:30:00 CEST 2005


>
>
> I'll add a similar patch to the CVS head, which already has a
> MD5-Password attribute defined. So no configuration changes are
> required there.

 Certainly more appropriate.
 However, if one wants to store H(username:realm:password) in LDAP as a
userPassword attribute (this is our case at INRIA), will the MD5-Password be
replaced by the retrieved attribute during the Authorization phase and then
computed by rlm_digest?
 As far as I know from testing, the userPassword LDAP value replaces the
User-Password RADIUS value if the line password_attribute = userPassword is
set in the ldap module configuration section, if ldap is activated in
Authorization. This is the reason why we patched the digest module to have
the User-Password value modified.
 We might need then to adjust the ldap module configuration as well if we
want to store encrypted passwords in an LDAP server. Right?
 Best Regards,
 Philippe Sultan
INRIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051010/64effbbe/attachment.html>


More information about the Freeradius-Users mailing list