Hi to everyone !
While trying to make Asterisk and gnu-radius/PostgresSQL interact through
app_radius.so, I saw something strange in the code after many tries and many
"Login incorrect".
It seems that gnu-radius forces the auth-type to DV_AUTH_TYPE_CRYPT_LOCAL when
the auth system uses a SQL connection (MySQL or SQL). I patched the code in
radck.c in order to use DV_AUTH_TYPE_LOCAL and it works perfectly, resulting in
"Login OK" ...
My question is :
- did I correctly understand the meaning of the code ?
- is there a way to tell gnu-radius to compare plain text password and not
crypted one ?
Georges
---
Heres my patch (in radius-1.2.95), in radiusd/radck.c inside fix_check_pairs()
function :
case DV_AUTH_TYPE_SQL:
{
const char *msg;
if (!sql_auth_avail_p(&msg)) {
grad_log_loc(L_ERR, loc, "%s", msg);
errcnt++;
break;
}
if (password || crypt_password) {
grad_log_loc(L_WARN, loc,
"%s",
_("User-Password attribute ignored for this
Auth-Type"));
}
grad_avl_delete(pairs, DA_AUTH_TYPE);
/*
We dont want to use crypted password when id'ing
against a SQL database
GAD 2005-11-03, when trying to have app_radius.so working
*/
/*
p = grad_avp_create_integer(DA_AUTH_TYPE,
DV_AUTH_TYPE_CRYPT_LOCAL);
*/
p = grad_avp_create_integer(DA_AUTH_TYPE,
DV_AUTH_TYPE_LOCAL);
grad_avl_add_pair(pairs, p);
p = grad_avp_create_integer(DA_PASSWORD_LOCATION,
DV_PASSWORD_LOCATION_SQL);
grad_avl_add_pair(pairs, p);
break;
}
_______________________________________________
Help-gnu-radius mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnu-radius
