Question on FreeRADIUS digest authentication with SIP proxy

Cheng Zhang czhang.cmu at gmail.com
Wed Oct 12 07:31:57 CEST 2005


I have setup SER to authenticate via FreeRADIUS with MSSQL DB. The SIP
proxy (SER) use digest authentication to authenticate with FreeRADIUS
server. This way the user's password is stored as cleartext in the
database. I'd like to know is there a way to make such setup using
hashed password (just MD5 or HA1)?
I asked this question on SER's mailing list, but seems cleartext
password is the only way to do digest authentication with FreeRADIUS.
After reading through RFC2617 and draft-ietf-radext-digest-auth-04,
seems to me that if Digest-Algorithm attribute in RADIUS packet is
'MD5-sess', there is a Digest-HA1 attribute might be useful for my
purpose. Is there any options to tweak FreeRADIUS's digest
authentication mode, something like 'auth_type' or 'encrypt_method'
for MSCHAP or other authentication methods?
Thanks.




More information about the Freeradius-Users mailing list