Hi Alan Yes the password is in clear text. Thx - I will let you know if I am successful Regards Mike
-----Original Message----- From: freeradius-users-bounces+mbrennan=thrupoint....@lists.freeradius.org [mailto:freeradius-users-bounces+mbrennan=thrupoint.com@lists.freeradius.o rg] On Behalf Of Alan DeKok Sent: 25 April 2013 13:47 To: FreeRadius users mailing list Subject: Re: Digest using an external database for the Password Mike Brennan wrote: > * Use Digest Authentication > * The password is stored in an external database (it has a > complicated schema) that I am connecting to via sql.conf. > * I want to extract the password from this database so that it can > be used in Digest Authentication (SIP - using RFC 4590) Is the password stored in clear-text? If so, it can work. If not, it's impossible. > Is it possible to get the Cleartext-Password (or is it the > User-Password) from my external database through authorize_check_query ? Yes. But you need to edit it. > If so, how do I assign this attribute to the value returned in my query? You create an "Attribute = value", like with everything else in the server. > I can't store any information in my external database as I am not > allowed to create any tables That's fine. > The following query would return the password - can I use it in > authorize_check_query? > > authorize_check_query="SELECT password FROM fusion.cdm_credentials > WHERE person_id=(SELECT person_id FROM fusion.cdm_person WHERE > user_name='%{User-Name}');" No. The authorize_check_query needs to return "Attribute = value", as shown by the default configuration. You can update your query to return that. Or, don't use "sql" in the "authorize" section, as it expects to see the default FreeRADIUS schema. List "sql" in "instantite", and then do: authorize { ... update control { Cleartext-Password := "%{sql: SELECT password FROM fusion ...}" } ... } i.e. if you have a SELECT which returns a password, you can assign that directly to the Cleartext-Password attribute yourself. > Or am I totally off track? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -------------------- Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Thrupoint, Inc. nXaR2cC3 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
