Problem using hased passwords
Michael Schwartzkopff
ms at sys4.de
Fri Jun 30 11:59:32 UTC 2023
On 30.06.23 13:26, Alan DeKok wrote:
> On Jun 30, 2023, at 6:46 AM, Michael Schwartzkopff via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> I am trying to use a hased password, but I get the error:
>>
>> pap: ERROR: SHA1 digest does not match "known good" digest
>>
>> from the eap_gtc module.
>>
>> According to the compatibility matrix this should work.
> Hmm, yes. It should work.
>
> I do this:
>
> update control {
> &SHA1-Password := "%{sha1:hello}"
> }
> pap.authenticate
> ...
Thanks. That solved the problem. I calculated the SHA sum for my
password incorrect.
Next question: How can I define a salted hash password in the users
file? I did not find anything useful in the docs.
openssl passwd -5 -salt salt hello
$5$salt$ZYXsK0pxpaRWBUweKuToC90TC/15c9Iz8u3SGLTaS4D
How can I enter this string as password in FR? What attribute do I
assign it? The Password-With-Header complains, because there is no {...}
header. SSHA-Password? Will FR interpete $5$salt$.... correctly?
Michael
More information about the Freeradius-Users
mailing list