rml_perl question
FreeRadius-ML
freeradius at zap2link.com
Tue Jul 24 13:29:54 CEST 2007
Ok,
I think there is a misunderstanding here. Here's my target:
OpenSER -> FreeRadius -- rlm_perl --> TCP Server
Now, if I understand correctly, in order to validate that a SIP register
coming in from the OpenSER is a valid username/password combo, I'm required
to calculate the Digest on the TCP Server, and verify it against the digest
that is calculated at the OpenSER, and that is being done using the
AVP information that is passwed to the FreeRadius server, and the password
that is stored at the remote TCP Server.
Tell me if I have something backwards here?
Z2L
----- Original Message -----
From: "FreeRadius-ML" <freeradius at zap2link.com>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, July 24, 2007 2:10:49 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question
Ok,
That makes more sense, do you have an example I can look at?
In any case, let me see if I understand the below:
I see that we perform 3 MD5 sums, each time on a different concatenated
string. The fields that I'm not recognizing are nc-val and entiry-body. Can
you please add information about these, as I would like to get more information
on this, as there may be a possibility that I would be required to calculate
this externally.
Regards,
Z2L
----- Original Message -----
From: "Phil Mayers" <p.mayers at imperial.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, July 24, 2007 2:00:33 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question
On Tue, 2007-07-24 at 11:43 +0300, FreeRadius-ML wrote:
> Hi Peter,
>
> Well, according to the RFC, the string should be:
> username:realm:password and then into the md5sum.
No, the digest response is:
md5 (
concat (
md5 ( user:realm:passwd )
nonce:nc-val:cnonce:qop:md5(method:uri[:entity-body])
)
)
> So, I did the following: echo '101 at 192.168.2.80:192.168.2.80:101' | md5sum, which generated
> the following output: ec6cec8f0b5904ba56401b1e305638b5.
*Even* if that were how it worked, you've md5'ed the "\n" that echo will
echo.
In any event, you're going about this totally wrong. FreeRadius has a
digest auth module; you should be extracting the credentials from your
database and letting FreeRadius do the auth algorithm.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list