I was talking about this on a previous thread, but thought that it would require one for itself.
Looking for the password encryption schema, what I saw was that any password generated using PHP's crypt() function is correctly read by radius. However, this is strange. As crypt() is a one-way encryption function, when radius would check for it, I think that it would need to generate EXACTLY the same hash for querying the database, wouldn't it? Well, it doesn't look like it.

For example, look at the following three lines: all of them are hashes for the word 'test'. Any of them is valid, that is, if I log in and type the password 'test' (without the quotes), any of these lines will return an access-accept.

$1$2zGHwN5F$ytHiyCHtFgKkXU6opsHI3/
$1$I61qcigH$kSds2z.MAvRpQqSC70VXp0
$1$xofKQZIU$cc6n6NjIpaE42itF3QK431

That's where I and the password testing function from Dialup_admin fail: crypting a password with the crypt() function without the $salt parameter will generate a different hash, and the query will eventually fail.

My question is: HOW does radius find the correct password? It will not try every hash until it finds the correct one, or does it check only a small part of the hash? If I understand this, I can eventually repair dialup_admin so it can test crypt-passwords correctly...

If someone from the radius team could help me with this, I would thank you all!
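
The following is an added example, not part of the original post and not code from FreeRADIUS or dialup_admin: it shows in Python how an MD5-crypt (`$1$`) check reads the salt back out of the stored string and re-hashes the candidate password with it, which is how each of the three strings quoted above can match 'test'. The names `md5_crypt` and `verify` are assumptions of this example.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value: int, count: int) -> str:
    """crypt's base-64 variant: emit `count` chars, low 6 bits first."""
    chars = ""
    for _ in range(count):
        chars += ITOA64[value & 0x3F]
        value >>= 6
    return chars

def md5_crypt(password: bytes, salt: bytes) -> str:
    """MD5-crypt ($1$), the scheme of the hashes quoted in the post."""
    salt = salt[:8]
    alt = hashlib.md5(password + salt + password).digest()
    ctx = hashlib.md5(password + b"$1$" + salt)
    for n in range(len(password), 0, -16):
        ctx.update(alt[:min(n, 16)])
    n = len(password)
    while n:
        ctx.update(b"\x00" if n & 1 else password[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):  # fixed number of stretching rounds
        rnd = hashlib.md5(password if i & 1 else final)
        if i % 3:
            rnd.update(salt)
        if i % 7:
            rnd.update(password)
        rnd.update(final if i & 1 else password)
        final = rnd.digest()
    order = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    digest = "".join(
        _to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order
    ) + _to64(final[11], 2)
    return "$1$" + salt.decode() + "$" + digest

def verify(password: str, stored: str) -> bool:
    """Re-hash the candidate with the salt embedded in the stored value."""
    parts = stored.split("$")  # expected: ['', '1', salt, digest]
    if len(parts) != 4 or parts[0] or parts[1] != "1":
        return False  # not an MD5-crypt string
    candidate = md5_crypt(password.encode(), parts[2].encode())
    return hmac.compare_digest(candidate.encode(), stored.encode())

POSTED = [  # the three hashes of 'test' quoted in the post
    "$1$2zGHwN5F$ytHiyCHtFgKkXU6opsHI3/",
    "$1$I61qcigH$kSds2z.MAvRpQqSC70VXp0",
    "$1$xofKQZIU$cc6n6NjIpaE42itF3QK431",
]
```

The PHP counterpart of `verify` is to pass the stored hash as the second argument to crypt() and compare the result with the stored hash.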
