In article <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]> wrote:
>Juan Carlos Castro y Castro <[EMAIL PROTECTED]> wrote:
>> Thanks to Scott Bartlett's kind help, my radiusd now queries MySQL for
>> usernames/passwords, but I don't know how to encrypt the latter. Hence,
>> by now I always get authentication failures. I tried encrypt() and
>> md5(). I hereby annoy you a second time asking for help. ;)
>
> FreeRADIUS *should* eventually come with a utility to encrypt
>passwords. But it doesn't now, sorry.
Here ya go:
#! /usr/bin/perl
#
# cryptpasswd Generate or check md5 and DES hashed passwords.
#
use Getopt::Long;
sub check_des {
return (crypt("fnord", "aa") =~ m/^aa/);
}
sub check_md5 {
return (crypt("fnord", "\$1\$aa") =~ m/^\$1\$/);
}
sub usage {
die "Usage: cryptpasswd [--des|--md5|--check] plaintext_password
[crypted_password]\n";
}
@saltc = ( '.', '/', '0'..'9', 'A'..'Z', 'a'..'z' );
#
# MAIN
#
sub main {
Getopt::Long::Configure("no_ignore_case", "bundling");
my @options = ( "des|d+", "md5|m+", "check|c+" );
usage() unless (eval { Getopt::Long::GetOptions(@options) } );
if ($opt_check) {
usage unless ($#ARGV == 1);
if (crypt($ARGV[0], $ARGV[1]) ne $ARGV[1]) {
print "Password BAD\n";
return 0;
} else {
print "Password OK\n";
return 1;
}
}
usage() unless ($opt_des || $opt_md5);
usage() unless ($#ARGV == 0);
die "DES password hashing not available\n"
if ($opt_des && !check_des());
die "MD5 password hashing not available\n"
if ($opt_md5 && !check_md5());
$salt = ($opt_md5 ? '$1$' : '');
for ($i = 0; $i < ($opt_md5 ? 8 : 2); $i++) {
$salt .= $saltc[rand 64];
}
$salt .= '$' if ($opt_md5);
print crypt($ARGV[0], $salt), "\n";
1;
}
exit !main();
Mike.
--
Move sig.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
