Password Hashed + Salted before authentication with?an?embedded?script

Matthew Newton mcn4 at
Sat Jan 10 01:49:12 CET 2015

On Fri, Jan 09, 2015 at 02:40:04PM -0700, Robert Graham wrote:
> Oh nevermind then, Im running 3.0.6....

You should be OK then - it follows the same as all other crypted
passwords do in rlm_pap (see the dictionary addition at the top of
the commit I sent previously):

Pull the password hash from the db into SHA2-Password, then call

Or ensure Password-With-Header begins with {sha2} {sha256} or
{sha512} followed by the hash, then call pap.

> No wonder I couldnt find any documentation on it.

Like many free software projects, the documentation may not be as
good as you thought it should be. Feel free to help out!



Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list