Radius + PostgreSQL + MD5 Passwords
Alan DeKok
aland at deployingradius.com
Fri Feb 5 08:34:10 CET 2010
Phillip Smith wrote:
> My problem:
> I'm strongly against storing passwords in clear text so I want the
> passwords in PostgreSQL to be MD5 or SHA1 hashed.
Probably salted.
> Everything I've read through Google seems to be indicating that for
> any form of encryption to work between the client and server, that the
> database has to use clear text passwords.
No.
http://deployingradius.com/documents/protocols/compatibility.html
> I have successfully got the FreeRADIUS + PostgreSQL combination
> working with clear text, but I can not make the move to hashed
> passwords.
>
> 1) It what I am trying to do possible?
Yes.
> 2) If so, is it possible without any significant drawbacks?
It limits your ability to use different authentication protocols.
> 3) Any pointers in the right direction to how to achieve what I am after?
See "man rlm_pap". You can use the "auto-header" thing, or just use
MD5-Password directly:
# "users" file entry:
bob MD5-Password := 0x12345...
#
Alan DeKok.
More information about the Freeradius-Users
mailing list