rml_perl question

Phil Mayers p.mayers at imperial.ac.uk
Tue Jul 24 15:49:23 CEST 2007


On Tue, 2007-07-24 at 14:29 +0300, FreeRadius-ML wrote:
> Ok,
> 
>   I think there is a misunderstanding here. Here's my target:
> 
> OpenSER -> FreeRadius -- rlm_perl --> TCP Server
> 
>   Now, if I understand correctly, in order to validate that a SIP register
> coming in from the OpenSER is a valid username/password combo, I'm required
> to calculate the Digest on the TCP Server, and verify it against the digest

No, I understand what you're trying to do. I'm telling you you're doing
it the wrong way. You are welcome to disagree with my opinion, but there
it is.

> that is calculated at the OpenSER, and that is being done using the 
> AVP information that is passwed to the FreeRadius server, and the password
> that is stored at the remote TCP Server. 

Why can't you just have the TCP server pass the HA1 value back to the
Radius server on request, and have the Radius server (which already has
a proven, tested, high-performance digest implementation) do it?

In any event - if you are adamant that the entire digest auth needs to
take place inside the TCP server, then you will need to re-implement the
digest authentication algorithm, and that's not a Radius question.

You should re-read the RFC, and possibly look at the source for
rlm_digest, but this isn't really an appropriate forum to learn how the
digest algo works.




More information about the Freeradius-Users mailing list