Storing hashes in MySQL when using MS_CHAP
Yuriy Grishin
grishin-mailing-lists at minselhoz.samara.ru
Tue Mar 17 20:02:19 CET 2009
Alan DeKok wrote:
> Yuriy Grishin wrote:
>
>> Hello,
>>
>> I'm trying to conceal plain-text passwords from my radius.radcheck
>> database in order to it'll be useless if it's stolen.
>>
>
> That's admirable, but generally useless. And often counter-productive.
>
>
You bet, I've spent all the day and the result is 0.
>> | 1 | user1 | Password-With-Header | := |
>> {md5}c4ca4238a0b923820dcc509a6f75849b |
>>
>
> MD5 hashed passwords...
>
>
Yes. I did it that way :
mysql> ....Value=concat('{md5}', md5('1')) where ...;
>> and raduis -X said :
>>
> ...
>
>> modcall: leaving group authorize (returns ok) for request 0
>> rad_check_password: Found Auth-Type CHAP
>>
>
> ... are incompatible with CHAP.
>
> http://deployingradius.com/documents/protocols/compatibility.html
>
> What you want to do is impossible. You MUST have the clear-text
> passwords in the DB in order to do CHAP.
>
>
I suspected that it's impossible so I asked a good (correct) question.
>> It that possible to get hashed passwords together with MS_CHAP?
>>
>
> You are doing CHAP, not MS-CHAP. They are very different.
>
Yeah, you're right I'm doing CHAP.
Thanks a lot for the explanation!
More information about the Freeradius-Users
mailing list