Best/simplest authentication method to validate an encrypted user/password against encrypted known-good.

Gleb Lisikh in4bit.general at gmail.com
Wed Apr 29 23:03:01 CEST 2020


Hi guys!

I am running into a bit of a problem where I least expected it, so I'm looking for
general advice here.

I'd like to be able to authenticate a user by comparing the password provided
with the client's authentication request with what's in a password store.
It can be easily done by Clear-Text password, of course, but I cannot have
a known good password in that password store in Clear-Text form - only
encrypted (doesn't really matter how).

So ideally, I'd like to get an encrypted password string from a client, and
compare it with an encrypted password string retrieved from the known good
password store. The retrieval of the known good password is done in the
Python module. And I'd rather not use SQL instead of Python.

EAP methods encrypt the whole message using the user passwords as a key (as
far as I understand it), which complicates the matter...

Any advice as to what standard mechanism(s)/method(s) can be used in such
a case? I hope I explained it well enough...

Thank you so much!

Gleb
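
An added example, not part of the original post: one way to do the comparison described above in Python, assuming the server can recover the submitted password from the request and that the store holds salted PBKDF2-HMAC-SHA256 records. The record format and the names `make_record`, `verify`, `authenticate` and `STORE` are hypothetical.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 100_000        # assumed work factor for this sketch
MAX_ITERATIONS = 1_000_000  # refuse absurd values from a corrupted record

def make_record(password, salt=None):
    """Build a 'scheme$iterations$salt$digest' record (hypothetical format)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([SCHEME, str(ITERATIONS), salt.hex(), digest.hex()])

def verify(submitted, record):
    """Re-derive the digest from the submitted password and the stored salt."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != SCHEME or not expected or not 0 < iterations <= MAX_ITERATIONS:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", submitted.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)  # constant-time comparison

# Constructed sample store; no cleartext password is kept in it.
STORE = {"alice": make_record("correct horse battery staple")}
_DUMMY = make_record("placeholder")  # lets unknown users cost the same work

def authenticate(user, submitted):
    """Return True only if the user exists and the password matches."""
    record = STORE.get(user)
    if record is None:
        verify(submitted, _DUMMY)  # do the same derivation, then reject
        return False
    return verify(submitted, record)
```

Because each record carries its own random salt, two records for the same password differ, so the check has to re-derive the digest from the submitted password rather than compare two stored strings.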


More information about the Freeradius-Users mailing list