(RADIATOR) small problem with AuthGeneric.pm and {crypt} schemes

Karl Gaissmaier karl.gaissmaier at rz.uni-ulm.de
Mon Jul 1 08:32:58 CDT 2002

Dear Hugh or Mike,

I've a small problem with AuthGeneric, authentication against OpenLDAP
and {crypt} encrypted passwords.

It seems, that OpenLDAP generates passwords with the slappasswd utility 
in the following form:


and AuthGeneric compares the crypt scheme identifier against {crypt},
CASE sensitive(see code snippet from AuthGeneric.pm):

    elsif ($pw =~ /^{crypt}(.*)/)
        # Its a UNIX crypted password
        $result = (crypt($submitted_pw, $1) eq $1);

and AuthLDAP2 delivers the following userPassword from the OpenLDAP
Server (sure it's stored in this format):

Mon Jul  1 14:55:56 2002: DEBUG: LDAP got userPassword: {CRYPT}iRe5XZ5WN5FI.
Mon Jul  1 14:55:56 2002: DEBUG: Radius::AuthLDAP2 looks for match with
Mon Jul  1 14:55:56 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Jul  1 14:55:56 2002: INFO: Access rejected for user-xy: Bad Password

Request: Could you please check against the different crypt schemes in
a case insensitiv manner as a patch and in the next release?

    elsif ($pw =~ /^{crypt}(.*)/i)
        # Its a UNIX crypted password
        $result = (crypt($submitted_pw, $1) eq $1);

Used Versions:

radiator 3.1 with latest patches installed
perl 5.6.1
SunOS 5.9


Karl Gaissmaier          Computing Center,University of Ulm,Germany
Email:karl.gaissmaier at rz.uni-ulm.de          Network Administration
Tel.: ++49 731 50-22499
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list