* added,
And no you shouldn't need to use auto-hearder if you've set the appropriate
password attribute.
The recommended way is to prepend the headers, and use auto_header as its more
flexible, and allows you to migrate between hash schemes non disruptively.
-Arran
On 22 Aug 2011, at 12:00, Arran Cudbard-Bell wrote:
> That would depend on whether you've add the correct header to the hash :)
>
> /*
> * For auto-header discovery.
> */
> static const FR_NAME_NUMBER header_names[] = {
> { "{clear}", PW_CLEARTEXT_PASSWORD },
> { "{cleartext}", PW_CLEARTEXT_PASSWORD },
> { "{md5}", PW_MD5_PASSWORD },
> { "{smd5}", PW_SMD5_PASSWORD },
> { "{crypt}", PW_CRYPT_PASSWORD },
> { "{sha}", PW_SHA_PASSWORD },
> { "{ssha}", PW_SSHA_PASSWORD },
> { "{nt}", PW_NT_PASSWORD },
> { "{nthash}", PW_NT_PASSWORD },
> { "{x-nthash}", PW_NT_PASSWORD },
> { "{ns-mta-md5}", PW_NS_MTA_MD5_PASSWORD },
> { "{x- orcllmv}", PW_LM_PASSWORD },
> { "{X- ORCLNTV}", PW_NT_PASSWORD },
> { NULL, 0 }
> };
>
> -Arran
>
>
>
> On 22 Aug 2011, at 11:46, Det Det wrote:
>
>> Hi,
>>
>> I set PAP module as below. In my DB, user attribute is User-Password. Value
>> of User-Password is an MD5 or CRYPT password. Shouldn't auto-header=yes able
>> to detect the encryption scheme used in the password? What will the
>> auto-header setting for if I still have to specifically set attributes such
>> as MD5-Password or Cleartext-Password, etc.
>>
>> pap {
>> auto_header = yes
>> }
>>
>> thanks,
>> det
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> Arran Cudbard-Bell
> [email protected]
>
> RADIUS - Half the complexity of Diameter
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arran Cudbard-Bell
[email protected]
RADIUS - Half the complexity of Diameter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
