On 08/24/2011 03:36 PM, Derek Buttineau wrote: > I was actually thinking of AuthBy SQL. We're currently using UNIX crypt, but > realized it's time to improve security. I'm being told that bcrypt is the > way to go (OpenBSD style 2a/2y). So I guess wait for 4.8 or the patches to > be issued?
That would certainly work with AutBy SQL too. I was just recently using SYSTEM, which gets the hashes from e.g., from /etc/shadow There's no problem putting the hashes in SQL too since it all (SQL, SYSTEM, etc) goes to the same password check within Radiator. I took a quick look at adding types 2a and 2y, and the perl crypt function did not seem to like them. It works well with type 6, though. My understanding is perl crypt uses the libc crypt directly so looks like there's something more needed even if the system I tried it hashes its password in /etc/shadow with 2y. So the additional hash types may require more work than I originally thought. We'll need to check a bit more how to do this. I'll keep you and the list posted. Thanks! -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
