rml_perl question

FreeRadius-ML freeradius at zap2link.com
Tue Jul 24 16:02:41 CEST 2007


Ok,

  Now I understand you better, and I agree, that would constitute a much more
scalable method. In that case, I return to my previous question, do you have a
working rlm_perl script that does this, as I would like to see how this works.

  You'll have to excuse me, this is still a little new to me.

Regards,
  Z2L

----- Original Message -----
From: "Phil Mayers" <p.mayers at imperial.ac.uk>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Tuesday, July 24, 2007 4:49:23 PM (GMT+0200) Asia/Jerusalem
Subject: Re: rml_perl question

On Tue, 2007-07-24 at 14:29 +0300, FreeRadius-ML wrote:
> Ok,
> 
>   I think there is a misunderstanding here. Here's my target:
> 
> OpenSER -> FreeRadius -- rlm_perl --> TCP Server
> 
>   Now, if I understand correctly, in order to validate that a SIP register
> coming in from the OpenSER is a valid username/password combo, I'm required
> to calculate the Digest on the TCP Server, and verify it against the digest

No, I understand what you're trying to do. I'm telling you you're doing
it the wrong way. You are welcome to disagree with my opinion, but there
it is.

> that is calculated at the OpenSER, and that is being done using the 
> AVP information that is passwed to the FreeRadius server, and the password
> that is stored at the remote TCP Server. 

Why can't you just have the TCP server pass the HA1 value back to the
Radius server on request, and have the Radius server (which already has
a proven, tested, high-performance digest implementation) do it?

In any event - if you are adamant that the entire digest auth needs to
take place inside the TCP server, then you will need to re-implement the
digest authentication algorithm, and that's not a Radius question.

You should re-read the RFC, and possibly look at the source for
rlm_digest, but this isn't really an appropriate forum to learn how the
digest algo works.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list