Help with external authentication using PHP
Alan DeKok
aland at deployingradius.com
Fri Apr 5 17:28:52 CEST 2019
On Apr 5, 2019, at 11:22 AM, Ekene Ezeasor <ezeasorekene at gmail.com> wrote:
> Please our users' password are encrypted using crypt() (blowfish) function
> in PHP. Now I want to use password_verify() to check the submitted password
> and I intend doing that in PHP. I have updated my authorize section to use
> the external PHP script like this:
>
> update control {
> Auth-type := "/usr/bin/php -f
> /etc/freeradius/3.0/php/checkpassword.php %{User-Name} %{User-Password}"
> &Proxy-To-Realm := LOCAL
> }
>
> But only the username is sent to the external PHP file. The password is
> empty.
If you're using WiFi, the User-Password won't exist. See the debug output for more information.
> We are already running a large database and it may not be easy to change to
> another encryption method. Therefore this is very important and we really
> need to implement it.
See:
http://deployingradius.com/documents/protocols/compatibility.html
The clients will need to do TTLS with inner-tunnel PAP. Everything else won't work.
Your choices are:
* use TTLS with inner PAP
* don't do WiFi
* change all the passwords in the database to clear-text
Pick one.
Alan DeKok
More information about the Freeradius-Users
mailing list