> [EMAIL PROTECTED] wrote: >> However, the users file from the Shiva box that authorizes all of the users has every password encrypted. I have looked at Shiva's website, but >> they don't seem to be very specific on what type of encryption is used, or >> maybe I just don't understand it completly, here is a link: >> http://www.intel.com/support/si/mgt/config/ex0907.htm >> It is a "SALT encryption" according to their website, the closest thing I >> can figure to that is the unix crypt...? > > Probably. > >> So, I am not sure how I can possibly take the current users file we have >> and import it into a mysql database for authorization, since we do not know each users cleartext password, and I am confused how I may be able to >> decrypt the passwords that are currently in the users file. > > You can't decrypt them. > >> Or maybe if I can discover the encryption type, I can enter the encrypted >> text directly as clear-text into the mysql database and just use that specific Auth-Type for FreeRadius? > > No, but if you enter them as the "Crypt-Password" attribute, instead > of User-Password, they should work for PAP authentication. > > Alan DeKok. >
Alan, Thanks for the reply. I have found that the Shiva Access Switch uses SPAP(Shiva Password Authentication Protocol) for encryption/decryption. Since that is a proprietary protocol, and I can't find anything relating to it and freeradius, can I assume that it is unsupported? heh. I did find this information from the funk steel-belted radius website: http://notesnt.funk.com/TechNotenewweb.nsf/0/ec4c617d965763e985256aca0003b40d?OpenDocument PROTOCOL ID NUMBERS: SPAP = 0xC027 CHAP = 0xC223 PAP = 0xC023 It seems those are required for steel-belted radius to work with SPAP, CHAP, and PAP. I am not sure if the "0xC027" is the SALT Key that is used by SPAP for encryption...? I guess I need to research more how PAP is used for encryption/decryption to see if maybe something similar can be done with SPAP. Thanks again. -- Donnie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
