Digest W/HA1 Authentication

Tavis P tavis.lists at galaxytelecom.net
Wed Feb 1 20:50:16 CET 2006

Yeah, when using freeradius to authentication users on a SIP proxy for 
example it would be ideal to be able to use HA(1) instead of basic 
digest with plain text passwords

Several months ago there was a couple patches sent in to add HA(1) 
support to the digest authentication module (for freeradius 1.0.5) and 
someone mentioned that they had been added to CVS.

I assumed the patch was included in 1.1.0 (based off of the Changelog 
entry "Support User-Password field encryption in digest mode.")

 From this email ( 
) i was under the impression that i could supplant the "User-Password" 
field with "MD5-Password" and the digest module would use the HA(1) 
algorithm to authenticate the request

Setting the attribute to MD5-Password causes the sql module to return 
"notfound" and the digest module complains that there needs to be ' 
"User-Password" or MD5-Password" ' items and returns invalid

Alan DeKok wrote:
> Tavis P <tavis.lists at galaxytelecom.net> wrote:
>> I'm just curious which attribute type (or digest module configuration) i 
>> need to use to enable HA1 digest authentication in Freeradius 1.1.0?
>   What do you mean by that?  Using the Digest-HA1 data for
> authentication, rather than clear-text password?
>   That's not supported in the module, but it wouldn't be hard to add.
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list