Hash/Salt password with mysql
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Aug 10 21:44:08 CEST 2015
> On Aug 10, 2015, at 3:38 PM, Moataz Elmasry <zaza1851983ml at googlemail.com> wrote:
>
> Hi Arran and thanks for the quick reply
>
> Unfortunately I can't seem to get it running, getting a "[pap] Passwords don't match" error
>
> Here's the simplest example I could come up with:
>
> username: freddi
> password: wilma
> salt: berlin
>
> Then hashed the password+salt:
> echo -n "wilmaberlin" | openssl sha1
> (stdin)= ae5fb20004bd032779db7ecb7eda7973fa25d281
>
>
> In the users table, the hash is set to that sha1, while salt=berlin
>
> Then here's the configuration from sites-enabled/default:
>
> update control {
> Tmp-String-0 := "%{sql:SELECT hash FROM accounts WHERE username = '%{User-Name}'}"
> Tmp-String-1 := "%{sql:SELECT salt FROM accounts WHERE username = '%{User-Name}'}"
> }
>
> update control {
> SSHA-Password := "%{control:Tmp-String-0}%{control:Tmp-String-1}"
> }
>
> I removed the 0x before the password value, so that it gets normalized
Is the salt hex encoded also when it comes out of the db?
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150810/b6d0c6ba/attachment.sig>
More information about the Freeradius-Users
mailing list