Digest auth with LDAP

Phil Mayers p.mayers at imperial.ac.uk
Mon Jul 17 11:15:12 CEST 2006

Matt wrote:
> Hello,
> I have a problem with the users file. Indeed, if I write in this file :
> DEFAULT	Auth-Type := digest
> I got this error "rlm_digest: Configuration item "User-Password" or
> Digest-HA1 is required for authentication."

Digest auth REQUIRES the plaintext password or digest HA1 attribute 
(hence the message). If your LDAP directory doesn't contain these, you 
will not be able to do digest auth with it.

> So I decided to put a Digest-HA1 attribute in the users file and the auth
> works :
> DEFAULT	Auth-Type := digest, Digest-HA1 :=
> "409e2df0ac3a755199a8a91817bb87b8"
>  But it's works of course only for my login. How to do this  for different
> login?

The Digest-HA1 attribute is per-user - it's like the password crypt, but 
different. You need each users plaintext password to generate it.

> Thank you for your help and sorry for my English!
> Sincerely,
> Matt

More information about the Freeradius-Users mailing list