setup question : mschap + perl authentication
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Mon Jul 9 23:44:12 CEST 2007
Alan DeKok wrote:
> Johan wrote:
>
>> I'm wondering if it's possible to authenticate a user who is using
>> mschap authentication with perl.
>>
>
> Sure. Just re-write all of the MS-CHAP authentication protocol in
> rlm_mschap in Perl.
>
> But why the heck would you want to do that?
>
>
You know i've been thinking of doing that in PHP (PHP Based supplicant
for weblogin via RADIUS), i'm sure it's possible... and it would be of
some benefit, just the RFC makes my head hurt... one of the few times
I've regreted not studying computer science. *sigh* something to do
with hashing the nt hash using different sha functions.
Got PAP working though thats not exactly hard... and CHAP seems very
easy , so i'll do that tomorrow.
Have a request hash <Radius to Supplicant>
Hash this hash with a hash of the password <Supplicant>
Here have the request hash and the hash of the request hash with the
password.. <Supplicant to Radius>
*works*
And the advantage of supporting MSChap is that you don't have to store
your passwords in cleartext... Just NT4 or LMHash which while not much
more secure than cleartext , looks far more impressive in a password
database.
But yes, as Alan said, why bother implimenting the server side MSChap
module in perl ... rlm_perl wasn't really designed for this kind of
stuff, more for request flow control and acquiring extra attributes from
databases and various other perly type things.
You ok Alan ? You've seemed less yeah go look at this howto / man page
and more *stab stab* die recently ...
Sorry abundance of Guinness ...
Thanks,
Arran
More information about the Freeradius-Users
mailing list