Re: Password Learning?
On Wed, 2 Mar 2005, Nick Bright wrote:
Although I just had a thought. I can put the unix Crypt()'d password in
the database if I use Password-Crypt (I think that's the flag, I'll look
in the docs, I know I've seen it).
If you have access to the /etc/passwd and can get the crypt passwords that
should work. In sql just set the attribute as Crypt-Password. If you are
using ldap, just prefix the password with {crypt} (added that in case
anyone searches the archives looking for something similar but w/ ldap).
That would be the easiest way to go.
Otherwise, you could use an external script. If you know perl, look into
rlm_perl. You can call it at any point in the authentication process and
you could create the sql calls to insert the username/password during
auth. Or you could just write a script in another language. The benefit
of the perl module is that its persistant. Check out the exec echo part
of radiusd.conf if you want to use another language.
I think they also have rlm_python if you know python, which will also
provide a persistant connection to the script (I believe).
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Learning?
On Tue, 2005-03-01 at 17:26, Alan DeKok wrote: Nick Bright [EMAIL PROTECTED] wrote: My question is this: Can FreeRADIUS *learn* passwords, if a user has no password set? What I mean is that when it queries the database, if it finds a NULL password, it would *SET* the password to whatever was submitted? If you run an external script, yes. Could you be a little more specific? I don't see how to do that right off. If you could point me in the right direction, I think I could figure it out. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Nick Bright Terraworld, Inc 888-332-1616 x315 http://home.terraworld.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Learning?
Nick Bright [EMAIL PROTECTED] wrote: Could you be a little more specific? I don't see how to do that right off. If you could point me in the right direction, I think I could figure it out. My suggestion would be to run a script if the user fails authentication, to check if the password is in the SQL database, and add it, if not. This means that the users first request will be rejected, but the second one will be OK. There is NO facility within the server do to complex updates like this, because those updates are not normally part of authenticating the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Learning?
On Wed, 2005-03-02 at 11:51, Alan DeKok wrote: Nick Bright [EMAIL PROTECTED] wrote: Could you be a little more specific? I don't see how to do that right off. If you could point me in the right direction, I think I could figure it out. My suggestion would be to run a script if the user fails authentication, to check if the password is in the SQL database, and add it, if not. I'll look in the documentation to see how to do this, thanks. This means that the users first request will be rejected, but the second one will be OK. Whatever it takes :) There is NO facility within the server do to complex updates like this, because those updates are not normally part of authenticating the user. Yeah, and it really /shouldn't/ need to be. This is more of a custom kludge to solve a specific problem. . . though perhaps that might be a nifty module to have in the software? Something someone in my situation could enable to allow migration from one server to another when passwords are encrypted. Although I just had a thought. I can put the unix Crypt()'d password in the database if I use Password-Crypt (I think that's the flag, I'll look in the docs, I know I've seen it). Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - Nick Bright Terraworld, Inc 888-332-1616 x315 http://home.terraworld.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Password Learning?
Nick Bright [EMAIL PROTECTED] wrote: My question is this: Can FreeRADIUS *learn* passwords, if a user has no password set? What I mean is that when it queries the database, if it finds a NULL password, it would *SET* the password to whatever was submitted? If you run an external script, yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
