Offloading password verification

Phil Meech pmeech at gmail.com
Mon Apr 13 13:58:35 CEST 2009


Hi All,

I'm running version 1.18 currently on Ubuntu 2.6.24-19-server;
configured to use MYSQL for all auth and accounting requests.   I have
been asked to move the password verification away from MySQL and use
an external username/password DB (managed by another company), for
which my only method of access is an http API (given a username and
password the API returns either 1 or 0).  All attributes will still be
held in the current MySQL freeradius DB; and all the users that exist
in the API DB will also exist in the same current MySQL DB.  The
password is passed as PAP through to freeradius currently from the NAS
devices, and the API also expects a plaintext password.

I was thinking I could use the perl module to achieve this; but am a
little lost with where to start (writing the perl script is fine).  I
guess the point of my post is how to keep all the attributes in MySQL
and only offload the password to the API; and where this change would
fit in to the radiusd.conf file?

Any advice would be gratefully received.

Many Thanks,
Phil



More information about the Freeradius-Users mailing list