rlm_pap and support of SCRYPT hash?

Alan DeKok aland at deployingradius.com
Fri Jul 18 11:59:29 UTC 2025


On Jul 16, 2025, at 10:44 AM, Marc Fradin <marc.fradin at imt-atlantique.fr> wrote:
> recently, for security reasons, we changed the hash of passwd in our ldap directory from {SSHA} to {CRYPT} *SCRYPT* but EAP/TTLS/PAP no longer works
> 
> Indeed, man rlm_pap talks about crypt but not *scrypt*

  It uses "crypt" as a short form for any crypt-style storage.  In order to do its work, the module uses the crypt() function which is supplied by the local OS.

> I installed a new test VM host with FreeRADIUS Version 3.2.5 on "Ubuntu 24.04.2 LTS"
> It works fine now but I don't know if it's due to the new version of freeradius or the updated crypt libraries for example?

  Updating the local OS allows it to support more variants of crypt encoding.

  Alan DeKok.
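
Added example, not part of the original message and not FreeRADIUS code: a probe of which crypt-style schemes the local OS crypt() accepts, which is the dependency the reply describes. It assumes a libcrypt that exports crypt_gensalt() (as libxcrypt does); the prefix table follows libxcrypt's crypt(5), and scheme_of(), load_libcrypt() and probe() are hypothetical helper names.

```python
import ctypes
import ctypes.util

# Hash prefixes as documented in libxcrypt's crypt(5); this table is an
# assumption of the example, it does not come from the thread.
PREFIXES = {"$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
            "$2b$": "bcrypt", "$7$": "scrypt", "$y$": "yescrypt"}

def scheme_of(stored):
    """Name the scheme of a stored value such as '{CRYPT}$7$...'."""
    if stored.upper().startswith("{CRYPT}"):
        stored = stored[len("{CRYPT}"):]
    for prefix, name in PREFIXES.items():
        if stored.startswith(prefix):
            return name
    return "unknown"

def load_libcrypt():
    """Load the OS libcrypt; return None if it or crypt_gensalt() is missing."""
    path = ctypes.util.find_library("crypt")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
        lib.crypt.restype = ctypes.c_char_p
        lib.crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
        lib.crypt_gensalt.restype = ctypes.c_char_p
        lib.crypt_gensalt.argtypes = [ctypes.c_char_p, ctypes.c_ulong,
                                      ctypes.c_char_p, ctypes.c_int]
    except (OSError, AttributeError):
        return None
    return lib

def probe(lib=None):
    """Map scheme name -> True/False (supported or not), or None if unknown."""
    lib = lib or load_libcrypt()
    if lib is None:
        return {name: None for name in PREFIXES.values()}
    result = {}
    for prefix, name in PREFIXES.items():
        # NULL from crypt_gensalt() means this libcrypt rejects the prefix.
        setting = lib.crypt_gensalt(prefix.encode(), 0, None, 0)
        hashed = lib.crypt(b"constructed-test-password", setting) if setting else None
        # A failed crypt() returns NULL or a '*'-prefixed failure token.
        result[name] = bool(hashed) and hashed.startswith(prefix.encode())
    return result

if __name__ == "__main__":
    for name, ok in probe().items():
        state = "unknown" if ok is None else "supported" if ok else "NOT supported"
        print(f"{name:12} {state}")
```

Run it on the RADIUS host itself, since the result reflects that host's libcrypt and not the LDAP server's.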



