Hello,
finally I made EAP-MD5 authentication work.
I thanks Artur and Joao for the helpful cooperation.
Only a question: what does "Auth-Type = System" mean? I.e. what does "System" mean?
Thanks a lot again,
emi
hi
> challenge. EAP-MD5 specifies that supplicant, replying to the server
> at the challenge, carries out a hash on the password and sends it to
> the server. The server performs a hash on the password for that
> supplicant in its database and compares the two hashed values. If
> there's a matching the user is authenticated. My doubt is: is there
that's not very precise.
> a common key used to hash the password that have to be configured on
> the server or this step is not necessary??
your explanation is not precise and so you have difficulties
understanding it.
"the common key" which you are talking about *is* the password. the hash
is actually performed on the received (unique) challenge, of course
including the shared secret, i.e. the password, in order to make it
impossible for somebody who doesn't know the password to produce the
same response to the challenge.
server user
username
<----------
challenge
gen. random chal. ----------> md5(challenge+secret)
=:res
res
md5(challenge+secret) <----------
==res?
success
yes? ---------->
failure
no? ---------->
ciao
artur
--
Artur Hecker
D�partement Informatique et R�seaux, ENST Paris
http://www.infres.enst.fr/~hecker
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
