PAP Authentication User-Password not working properly
Scott Lambert
lambert at lambertfam.org
Sat May 10 00:20:26 CEST 2008
On Fri, May 09, 2008 at 08:17:25PM +0100, Yago Fdez. Hansen wrote:
> On 9/5/2008, "Yago Fdez. Hansen" <sti at soportec.com> writes:
> >Hi everybody:
> >
> >I am installing a lab test server with Freeradius 2.0.4 with all
> >the authentication installed: CHAP, PAP, EAP and authorization over
> >MySQL, users, system, and LDAP.
> >
> >I installed it in the few last days and I have everything working
> >now, but as I was testing it, I could notice a bug. I created
> >users in every DB and file all of them with own password and user
> >entries. When I was testing with radtest ALL worked fine, but I
> >noticed that ONLY with PAP authentication and MySQL user it doesn't
> >matter if I put a clear password in radtest larger than the original
> >one I get an Access-Accept message.
> >
> >Example:
> >
> >radtest papsqluser papsecret localhost 0 testing123
> >Access-Accept
> >
> >radtest papsqluser papsecret43343 localhost 0 testing123
> >Access-Accept
> >
> mysql> select * from radcheck
> -> ;
> +----+-------------+----------------+----+---------------+
> | id | username    | attribute      | op | value         |
> +----+-------------+----------------+----+---------------+
> |  1 | Chapsqluser | User-Password  | == | chapsecret    |
> |  2 | Chapsqluser | Auth-Type      | := | Local         |
> |  3 | Papsqluser  | Crypt-Password | == | /gTPHauHkNjWE |
> |  4 | Papsqluser  | Auth-Type      | := | Crypt-Local   |
> +----+-------------+----------------+----+---------------+
> 4 rows in set (0.00 sec)

The DES crypt algorithm only deals with the first 8 characters of the
password.
No bug, working as designed.
--
Scott Lambert KC5MLE Unix SysAdmin
lambert at lambertfam.org
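
The truncation described in the reply above, as an added example that is not part of the original thread: it derives the 8 key bytes traditional DES crypt(3) reads from a password and flags `Crypt-Password` rows stored in that 13-character format. The function names are hypothetical; the rows and the two test passwords are copied from the quoted message.

```python
import re

# Traditional DES crypt(3) output: 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")


def des_crypt_key(password: str) -> bytes:
    """Return the 8 key bytes traditional DES crypt(3) derives from a password.

    Only the first 8 characters are read (zero-padded if shorter), and only the
    low 7 bits of each one, shifted left by one; DES ignores the parity bit.
    """
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b << 1) & 0xFF for b in raw)


def same_des_crypt_password(a: str, b: str) -> bool:
    """True when DES crypt cannot tell the two passwords apart, whatever the salt."""
    return des_crypt_key(a) == des_crypt_key(b)


def find_truncating_hashes(radcheck_rows):
    """Yield (username, value) for Crypt-Password rows stored as DES crypt."""
    for username, attribute, _op, value in radcheck_rows:
        if attribute == "Crypt-Password" and DES_CRYPT_RE.fullmatch(value):
            yield username, value


# Rows copied from the radcheck table quoted in the thread.
RADCHECK = [
    ("Chapsqluser", "User-Password", "==", "chapsecret"),
    ("Chapsqluser", "Auth-Type", ":=", "Local"),
    ("Papsqluser", "Crypt-Password", "==", "/gTPHauHkNjWE"),
    ("Papsqluser", "Auth-Type", ":=", "Crypt-Local"),
]

if __name__ == "__main__":
    for user, value in find_truncating_hashes(RADCHECK):
        print(f"{user}: DES crypt hash {value!r}, only the first 8 characters are checked")
    # The two radtest passwords from the thread share their first 8 characters.
    print(same_des_crypt_password("papsecret", "papsecret43343"))
```

Rows flagged this way accept any password that matches in its first 8 characters; re-hashing them with a scheme that reads the whole password removes the behaviour seen with radtest.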