sha512 format

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Aug 28 14:10:24 CEST 2015


> On 28 Aug 2015, at 00:54, Noel Butler <noel.butler at ausics.net> wrote:
> 
> Howdy,
> 
> Building new radius setup, and in test bed using freeradius at present, I see v3 uses SHA-2, great, it's what we are trying, but when inserting into mariadb   $6$salt$foobarqwerty....  does not seems not to work (clear text of course does but thats not an option in 2015) does it expect it in some other format?

FreeRADIUS doesn't need to support SHA2 for this, you just need to put the password in the right control attribute, so FreeRADIUS will treat it as a crypt password.

update control {
	&Crypt-Password := "<value from db or other attribute>"
}
pap

FreeRADIUS will then call crypt(), and if your system's crypt function understands the format, it should all work fine.

If your systems crypt function does not support SHA2-512 then you need to break out the components.


if ("<sql query/password attr>" =~ /\$6\$([^$]+)\$(.*)/) {
	update control {
		SSHA2-512-Password := "%{2}%{1}"
	}
}

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20150828/3b7b9859/attachment.sig>


More information about the Freeradius-Users mailing list