Hello Heikki, I have a follow-up question and I hope this will be last for this topic.
> > My question is, between items [2] and [3], how does Radiator checks and > > verifies the password of the username from its database? Isn't it that > > Radiator should check first its database for the username's password > > during step [2] or before step [3]? > > When Radiator receives the password in step [2], it will lookup the > plain text password using the username as key. With the password > Radiator can calculate its own CHAP-Password value using CHAP-Challenge. > See how radpwtst creates the two CHAP related attributes and > http://tools.ietf.org/html/rfc2865#section-5.3 for the attribute > definitions. Since in my case that I am getting the password from an external API via an AuthBy EXTERNAL script, does it mean that I have to do the following steps below upon receiving the user's Access-Request? [1] The external script will query the external API server and get the user's password; [2] The script will then convert the password received into a CHAP-Password format (e.g. CHAP ID + MD5SUM of CHAP ID + password + CHAP-Challenge); [3] Compare the CHAP-Password received from the user's Access-Request vs the CHAP-Password that was converted as per item [2]; [4] Whatever the result of item [3], my script will then do an "exit 0" or "exit 1". Please advice. Thank you very much.
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
