Using the various User-Password, Chap-Password, etc... with MySQL
liran tal
liransgarage at gmail.com
Mon Jul 30 17:44:15 CEST 2007
Thanks Alan,
I've read the manpage on rlm_pap.
Regarding the User-Password attribute I understand that it is still support
but we moved
to using Cleartext-Password which is essentially the same.
Regarding the other attributes like Crypt-Password or MD5-Password, the
manpage says that
these contain the crypted/md5 hashed form of the password. Does that mean
that if I use
those as the password attribute then in the database I'm supposed to use the
MD5() function
to encrypt the password I save there?
This also brings me to another question, if I can encrypt like that a
password in the database
even for the Cleartext-Password (or the deprecated User-Password) attribute
as the manpage
also mentions that rlm_pap, if put last in the authorize section will try to
decrypt the password.
Do I understand this correctly?
Regards,
Liran.
On 7/29/07, Alan DeKok <aland at deployingradius.com> wrote:
>
> liran tal wrote:
> > I was wondering if someone can clearly explain the use of different
> > Password attributes when they're used in a scenario where MySQL is
> involved.
>
> The different password attributes have nothing to do with MySQL.
>
> Put a clear-text password in MySQL, and let the server deal with
> different authentication protocols.
>
> > The basic case of User-Password is clear.
> > When the attribute in the radcheck table is User-Password then it's
> value is
> > the password in clear text and the op is ==
>
> No. See the recent documentation in 1.1.5 and following. The
> attribute is Cleartext-Password, and the operator is :=.
>
> > What about Cleartext-Password? I've added this attribute with op of :=
> and
> > value password in clear text and used radtest as a test, and it results
> in
> > just re-transmission of Access-Request queries, and basically not
> working.
>
> See the FAQ for "it doesn't work". The FAQ, README, INSTALL, etc. all
> say to run the server in debugging mode.
>
> > What about Chap-Password, MD5-Password, SHA1-Password, what are their
> > corresponding values and op like?
>
> Read the documentation in "man rlm_pap", as suggested in the README.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070730/e3211f8a/attachment.html>
More information about the Freeradius-Users
mailing list