Salted SHA3 Support

Rashad Hall rashad.hall at zayo.com
Sat Feb 10 07:59:27 CET 2018


Currently running FreeRADIUS Version 3.0.15 and looking for confirmation of
SHA3 support as I found this page
(https://freeradius.org/radiusd/man/rlm_pap.html) that has SHA3 listed, but
when I run man rlm_pap I have significantly fewer options. Just wanted to
confirm if support for SHA3 in FreeRADIUS is available yet? My "man rlm_pap"
below.

rlm_pap(5)                     FreeRADIUS Module                     rlm_pap(5)

NAME
       rlm_pap - FreeRADIUS Module

DESCRIPTION
       The rlm_pap module authenticates RADIUS Access-Request packets that
       contain a User-Password attribute.  The module should also be listed
       last in the authorize section, so that it can set the Auth-Type
       attribute as appropriate.

       When a RADIUS packet contains a clear-text password in the form of a
       User-Password attribute, the rlm_pap module may be used for
       authentication.  The module requires a "known good" password, which it
       uses to validate the password given in the RADIUS packet.  That "known
       good" password must be supplied by another module (e.g. rlm_files,
       rlm_ldap, etc.), and is usually taken from a database.

CONFIGURATION
       The only configuration item is:

       normalise
              The default is "yes".  This means that the module will try to
              automatically detect passwords that are hex- or base64-encoded
              and decode them back to their binary representation.  However,
              some clear text passwords may be erroneously converted.  Setting
              this to "no" prevents that conversion.

USAGE
       The module looks for the Password-With-Header control attribute to find
       the "known good" password. The attribute value comprises the header
       followed immediately by the password data. The header is given by the
       following table.

              Header       Attribute           Description
              ------       ---------           -----------
              {clear}      Cleartext-Password  clear-text passwords
              {cleartext}  Cleartext-Password  clear-text passwords
              {crypt}      Crypt-Password      Unix-style "crypt"ed passwords
              {md5}        MD5-Password        MD5 hashed passwords
              {base64_md5} MD5-Password        MD5 hashed passwords
              {smd5}       SMD5-Password       MD5 hashed passwords, with a salt
              {sha}        SHA-Password        SHA1 hashed passwords
                           SHA1-Password       SHA1 hashed passwords
              {ssha}       SSHA-Password       SHA1 hashed passwords, with a salt
                           SSHA1-Password      SHA1 hashed passwords, with a salt
              {ssh2}       SHA2-Password       SHA2 hashed passwords
              {ssh256}     SHA2-Password       SHA2 hashed passwords
              {ssh512}     SHA2-Password       SHA2 hashed passwords
              {nt}         NT-Password         Windows NT hashed passwords
              {nthash}     NT-Password         Windows NT hashed passwords
              {x-nthash}   NT-Password         Windows NT hashed passwords
              {ns-mta-md5} NS-MTA-MD5-Password Netscape MTA MD5 hashed passwords
              {x- orcllmv} LM-Password         Windows LANMAN hashed passwords
              {X- orclntv} LM-Password         Windows LANMAN hashed passwords

--
Rashad Hall
Jr. Network Engineer | Zayo Group
O: +1 858.836.0202
12270 World Trade Drive Suite #100 | San Diego, CA 92128
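
The header lookup and salted-hash check that the quoted man page describes, as an added Python example that is not part of the original post and is not FreeRADIUS code. The function names, the simplified `normalise` logic, and the `digest || salt` layout for `{ssha}`/`{smd5}` (the usual LDAP convention) are assumptions of this example; a header outside the table is rejected rather than guessed at.

```python
import base64
import hashlib
import hmac

# Header -> attribute, a subset of the rlm_pap(5) table quoted in the post.
HEADERS = {
    "{clear}": "Cleartext-Password", "{cleartext}": "Cleartext-Password",
    "{md5}": "MD5-Password", "{smd5}": "SMD5-Password",
    "{sha}": "SHA-Password", "{ssha}": "SSHA-Password",
}
# Attribute -> (hashlib name, salted?)
DIGESTS = {
    "MD5-Password": ("md5", False), "SMD5-Password": ("md5", True),
    "SHA-Password": ("sha1", False), "SSHA-Password": ("sha1", True),
}

def split_header(value):
    """Return (attribute, data); attribute is None when the header is not in the table."""
    end = value.find("}") + 1
    if value.startswith("{") and end:
        return HEADERS.get(value[:end]), value[end:]
    return None, value

def normalise(data, size):
    """Simplified stand-in for 'normalise = yes': try hex, then base64."""
    try:
        raw = bytes.fromhex(data)
        if len(raw) >= size:
            return raw
    except ValueError:
        pass
    return base64.b64decode(data, validate=True)

def make_ssha(password, salt):
    """Build a constructed {ssha} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{ssha}" + base64.b64encode(digest + salt).decode()

def verify(stored, candidate):
    """Check a User-Password candidate against a Password-With-Header value."""
    attr, data = split_header(stored)
    if attr is None:
        raise ValueError("header is not in the table above")
    if attr == "Cleartext-Password":
        return hmac.compare_digest(data.encode(), candidate.encode())
    algo, salted = DIGESTS[attr]
    size = hashlib.new(algo).digest_size
    raw = normalise(data, size)
    if len(raw) < size or (not salted and len(raw) != size):
        return False
    expected = hashlib.new(algo, candidate.encode() + raw[size:]).digest()
    return hmac.compare_digest(expected, raw[:size])
```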

