(RADIATOR) MD5 Encryption

Charles Delorme charles.delorme at cegedim.fr
Wed Oct 24 12:11:16 CDT 2001


Hi,

as of my understanding of "normal" md5, this is only a hash code, meaning
you will never be able to uncrypt the password (correct me if this is not
the way radiator uses it). For example, try the tools "md5sum" on (mostly)
every linux box. Il will give you a 128 bits hash of any file.

Maybe you should not try to read password from the DB (neither compare it to
a self made md5 hash) but try to validate yourself via radius that the
password the user submited to the cgi is the correct one.

eg :
user => cgi ; cgi make a radius request to the radius server which answer
yes/no ; cgi acts depending upon radius answer.

(btw : I guess you have a very strong way of authenticating your users so
that nobody can change the password of some else :-)

----- Message d'origine -----
De : "Mohammad Tawrit" <tawrit at bttb.net.bd>
À : <radiator at open.com.au>
Envoyé : mercredi 24 octobre 2001 13:57
Objet : (RADIATOR) MD5 Encryption


Dear Hugh,

I was trying to shift my Authentication from simple flat file i.e.
/etc/passwd to SQL on Linux 6. There is no problem with authentication. But
the problem I am facing is to give facility to subscribers for changing
their password. I have developed a CGI script in PERL that will take the
existing password of the subscriber, match it with the stored one and if it
matches then it will update the new password.

While matching I had used crypt() function in Linux 5.2 with no problem. But
the same is not working with Linux 6.0. In your manual it is written as if
the password starts with '$1$' it is MD5 encryption. But I am uncertain
about what function should I have to use to convert the given password by
subscriber to the encrypted one that I shall match with the stored password
in the SQL Database.

Can you help me?

Tawrit


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list