Hi, Meltem.
DIGEST mode does not work with encrypted passwords. However, one way to have an encrypted password storage is to store a hash value of the username:realm:password string in the User-Password field of your entry.
digest module configuration must include this line :
digest {
enc_mode=yes
}
Auth-Type might be set to Digest, but it is not necessary since Freeradius will trigger the rlm_digest module when parsing the Access-Request.
If you want to build the hash value, try this command :
echo -n 'username:realm:password' | md5sum
You might want to test this patch for that purpose :
Please give some feedback if you ever test it, since I suspect some modifications are needed. The advice of Freeradius managers is also needed, since a configuration option to the rlm_digest module has been added.
Best regards,
Philippe
---
Mon, 10 Oct 2005 01:25:09 -0700
Hello,I am using SIP Express Router(SER) version 0.9.3 and freeRADIUS version 1.0.4.
SIP uses digest as authentication scheme.I am trying to keep the user passwords as encrypted in freeRadius DB which is mySql table radcheck. The system is working with plaintext password, but it does not work with encrypted passwords even I tried all type of configurations.
My first question is "Does DIGEST work with ENCRYPTED PASSWORDS" ??? Since Digest is a must for SIP.
If NOT, what authentication scheme can I use to make SIP work with freeRADIUS? If DIGEST works with encrypted passwords, what should be the configuration files:
1) in radiusd.conf ?2) What should be the value of "Auth-Type" parameter in radcheck or radgroupchek tables ? 3) What should be the attribute for password in radcheck table ? Is it "User-Password" or
"Chap-Password" or "Crypt-Password" ?? I'll appreciate very much if anyone can help. Regards, Meltem Kirisci
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
