Re: pap + md5

[Evren Yurtesen]

It is the password that your NAS sends to your radius server. It is in 
text normally. It is only encrypted with the shared key when it travels 
over network.

Sergei Koveshnikov wrote:
Hello to everyone!
I'm trying to use MAX6000 + freeradius-1.0.0-pre3 + Postgres + pap + md5 
encryption for users passwords in the DB. 
But I've got auth error:
=====
auth: Failed to validate the user.
Login incorrect (rlm_pap: Configured MD5 password has incorrect length): 
[testuser/password] 
=====
Why User-Password = 'plain text password' in 'rad_recv' log ?
Does radius decrypt password for debus purpouse before puts it on the screen?
Any ideas?
Thank you!

#### radiusd.conf:
modules {
       pap {
                encryption_scheme = md5
        }
}
authorize {
        auth_log
        files
        sql
}
authenticate {
        authtype MD5 {
                pap
        }
}
#### radiusd logs:
rad_recv: Access-Request packet from host 192.168.0.1:1026, id=145, length=173
        User-Name = "testuser"
        User-Password = "password"
        NAS-IP-Address = 192.168.0.1
        NAS-Port = 20214
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "80482320000"
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Ascend-Calling-Id-Presentatn = Allowed
        Ascend-Calling-Id-Screening = Network-Provided
        Acct-Session-Id = "429965508"
        Ascend-Data-Rate = 31200
        Ascend-Xmit-Rate = 33600
#### skip some lines... 
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type MD5
auth: type "MD5"
  Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_pap: login attempt by "testuser" with password password
rlm_pap: Using password "$1$L8If2hAa$Oy91qkyF8lkWClyBi1I.u0" for user testuser 
authentication.
rlm_pap: Using MD5 encryption.
rlm_pap: Configured MD5 password has incorrect length
  modcall[authenticate]: module "pap" returns reject for request 0
modcall: group authtype returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_pap: Configured MD5 password has incorrect length): 
[testuser/password] (from client max2 port 20214 cli 80482320000)
Delaying request 0 for 1 seconds
Finished request 0

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html