SMD5 format, for hash and salt?

Julie Starr freeradius at jstarr.org
Fri Oct 24 18:49:19 CEST 2008


I'm using FreeRADIUS v 2.1.1 on CentOS 5.2.

I have everything working well, where I'm reading the user file for
Cleartext and MD5 hashes.

Here are two examples from my user file:

bob Cleartext-Password := "testing123"
carol  MD5-Password := "f30aa7a662c728b7407c54ae6bfd27d1"
    (where carol's password is just hello123)

However, it appears the data I have access to is actually stored as
salted MD5 hashes.

An example of an SMD5 hash that doesn't work in my user file:

abe   SMD5-Password := "37d0aa2d0d2b1f282eb2b393c9413998:rqZAS049NrEgN9bD"
(where the above is :=salted MD5 hash:salt)

I see the rlm_pap man page lists SMD5-Password as an attribute, but
I'm at a loss as to the correct format for the MD5 hash and its
associated salt. I've tried not just the colon above, but a semicolon,
dash, period, a space, or tacked the salt to the beginning or to the
end. I tried looking through the src, but couldn't figure it out.

The output from radiusd -X and radtest for user abe is:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 55280, id=91, length=55
       User-Name = "abe"
       User-Password = "hellojulie"
       NAS-IP-Address = 127.0.0.1
       NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abe", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry abe at line 3
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "hellojulie"
[pap] Using SMD5 encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> abe
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 91 to 127.0.0.1 port 55280
Waking up in 4.9 seconds.

And if anyone is curious, I was told this is how these particular SMD5
entries I was given were generated:

function mosMakePassword($length=8) {
        $salt     = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $makepass = '';
        mt_srand(10000000*(double)microtime());
        for ($i = 0; $i < $length; $i++)
                $makepass .= $salt[mt_rand(0,61)];
        return $makepass;
}

        list($hash, $salt) = explode(':', $row->password);
        $cryptpass = md5($passwd.$salt);
        if ($hash != $cryptpass) {
                if ( $bypost ) {
                        mosErrorAlert(_LOGIN_INCORRECT);
                } else {
                        $this->logout();
                        mosRedirect('index.php');
                }
                exit();
        }


If anyone has any ideas or can point out what I've completely
misunderstood, please let me know.

thanks,
Julie
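
Added example (not part of the original post and not FreeRADIUS code): assuming rlm_pap reads SMD5-Password the way the LDAP {SMD5} scheme lays it out, that is a 16-byte MD5 digest immediately followed by the raw salt, with the combined value hex- or base64-encoded, this Python code converts a "hash:salt" entry of the kind produced by the PHP above and re-checks it as MD5(password + salt). The function names and the sample password and salt are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

MD5_LEN = 16  # bytes in a raw MD5 digest


def convert_entry(stored: str) -> dict:
    """Turn '<md5 hex>:<salt>' (PHP md5($passwd.$salt)) into digest||salt."""
    hex_hash, sep, salt = stored.partition(":")
    if not sep or not salt:
        raise ValueError("expected '<md5 hex>:<salt>'")
    try:
        digest = binascii.unhexlify(hex_hash)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("hash part is not valid hex") from exc
    if len(digest) != MD5_LEN:
        raise ValueError("hash is not a 128-bit MD5 digest")
    blob = digest + salt.encode("ascii")  # assumed layout: digest, then raw salt
    return {"hex": blob.hex(), "base64": base64.b64encode(blob).decode("ascii")}


def users_line(user: str, stored: str) -> str:
    """Format a users-file entry using the hex form of the combined value."""
    return '%s\tSMD5-Password := "%s"' % (user, convert_entry(stored)["hex"])


def check_password(password: str, encoded: str) -> bool:
    """Repeat the comparison the assumed layout implies: MD5(password || salt)."""
    try:
        blob = bytes.fromhex(encoded)
    except ValueError:
        blob = base64.b64decode(encoded, validate=True)
    if len(blob) <= MD5_LEN:
        return False  # no salt bytes after the digest, so not a salted entry
    digest, salt = blob[:MD5_LEN], blob[MD5_LEN:]
    candidate = hashlib.md5(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


# Constructed sample: the password and salt are made up for this example.
SAMPLE_SALT = "Xy7Qa2LmN0pR4sTu"
SAMPLE_STORED = (
    hashlib.md5(("example-pass" + SAMPLE_SALT).encode()).hexdigest() + ":" + SAMPLE_SALT
)

if __name__ == "__main__":
    print(users_line("sampleuser", SAMPLE_STORED))
```

If check_password succeeds on the converted value but the server still rejects the user, the layout assumption or the stored salt is what to recheck, not the encoding step.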


