There is ongoing discussion on this topic :
http://lists.freeradius.org/pipermail/freeradius-users/2005-October/047606.html
You might also want to check this, for information related to digest authentication with RADIUS and LDAP :
http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
Bye,
Philippe
On 10/12/05, Cheng Zhang <[EMAIL PROTECTED]> wrote:
I have setup SER to authenticate via FreeRADIUS with MSSQL DB. The SIP
proxy (SER) use digest authentication to authenticate with FreeRADIUS
server. This way the user's password is stored as cleartext in the
database. I'd like to know is there a way to make such setup using
hashed password (just MD5 or HA1)?
I asked this question on SER's mailing list, but seems cleartext
password is the only way to do digest authentication with FreeRADIUS.
After reading through RFC2617 and draft-ietf-radext-digest-auth-04,
seems to me that if Digest-Algorithm attribute in RADIUS packet is
'MD5-sess', there is a Digest-HA1 attribute might be useful for my
purpose. Is there any options to tweak FreeRADIUS's digest
authentication mode, something like 'auth_type' or 'encrypt_method'
for MSCHAP or other authentication methods?
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
