[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Users' passwords in SQL
From: Alan DeKok <aland () striker ! ottawa ! on ! ca>
Date: 2001-03-28 16:43:26
[Download RAW message or body]
Yury Bokhoncovich <byg@center-f1.ru> wrote:
> There request->password->strvalue is assumed as a plain-text password but
> I consider pretty unreasonable to have plain-text in a password database
Please read the FAQ on this point.
http://www.freeradius.org/faq/freeradius.html#4.4
> so I have encrypted all passwords in the DB before.
Then you can't do CHAP authentication.
> So, I have done the following patch:
> if (strncmp(crypt(request->password->strvalue, row[0]), row[0],
> request->password->length) != 0) {
You're welcome to make any changes you want to the source.
> But I don't sure this is generally right. Maybe we'd have two tuples in
> the DB per a user: one having attribute='password' (it contains valid
> encrypted or plain-text password) and another having attribute='Auth-Type'
> (it contains various values alike 'Crypt-Local' and so on) ?
You wouldn't want to have 'Auth-Type'. You'd want to have an
attribute 'Password', and another 'Crypt-Password'. The standard
dictionary file already has these attributes defined.
Alan DeKok.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic