Hi!
Two questions.
MS-CHAP an similar auth-methods require to know users plain passwords.
i want to keep passwords in file and load it by rlm_passwd. All works
good. but for more security i think keep it crypted.
module mschap wants to see decrypted (plain) password.
IMHO, this is good idea to decrypt password by rlm_perl. I can use any
method to encrypt-decrypt password. But.
when rlm_perl renews attibutes values it use pairmove function, which
ignore all new values for User-Password and Crypt-Password.
there is no more suitable attributes in dictionary. I can create
individual attribute and use them, but it is not very good - i have
to check dictionaries after each update.
How to decode Password more suitable?
second question.
Where to insert decoding code?
rlm_perl have both autorize and authenticate methods to handle
radius's calling.
IMHO authenticate is better place.
when i try to insert perl to authenticate section i can make it by 2
ways.
first :
authenticate {
perl
authtype MS-CHAP {
mschap
}
}
In this case perl is not executed.
when i try
authenticate {
authtype MS-CHAP {
perl
mschap
}
}
perl executed, but mschap ignored :(
Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
