Hi!
If it is interesting to somebody, this is the way I was configured
usage of md5 passwords in sql (postgresql) database:
1. In radiusd.conf
modules {
...
pap {
encryption_scheme = md5
}
...
}
authenticate {
...
authtype md5 {
pap
}
...
}
2. Make sure that authorize_check_query and (if you're using
groups, I hope ;) ) authorize_group_check_query queries
in your specific sql configuration retrieves Op field.
3. Suppose you have user 'delphi' with password 'TheBigSecret'.
Add the following in your database:
radcheck:
username attribute value op
delphi User-Password ddaca0e0dbc81e11418de2fe8624aa70 :=
radgroupcheck:
groupname attribute value op
mygroup Auth-Type md5 :=
usergroup:
username groupname
delphi mygroup
3a. If you're not using groups, then place 'Auth-Type' check item into
radcheck relation (table) for each user ;).
Some notes. Do not confuse with passwords that are the MD5 hash and
ones produced by crypt() that uses MD5 encryption.
MD5 hash of 'TheBigSecret': ddaca0e0dbc81e11418de2fe8624aa70
MD5 crypt() of 'TheBigSecret': $1$HpJtH.Ej$h9NbFYO1dUxw1i7Hc4J1h1
The PAP module uses MD5 hash of the password. If you want to use MD5
crypt() passwords, then in 'radcheck' 'attribute' must be
'Crypt-Password'. The presents of 'Auth-Type' check attribute is
not mandatory in this case. The pap module is not necessary too.
The only one thing is important -- your system's crypt() must know how to
operate with MD5 encrypted passwords.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
