(RADIATOR) small problem with AuthGeneric.pm and {crypt} schemes

Karl Gaissmaier karl.gaissmaier at rz.uni-ulm.de
Mon Jul 1 08:32:58 CDT 2002


Dear Hugh or Mike,

I've a small problem with AuthGeneric, authentication against OpenLDAP
and {crypt} encrypted passwords.

It seems, that OpenLDAP generates passwords with the slappasswd utility 
in the following form:

{CRYPT}........

and AuthGeneric compares the crypt scheme identifier against {crypt},
CASE sensitive(see code snippet from AuthGeneric.pm):

    elsif ($pw =~ /^{crypt}(.*)/)
    {
        # Its a UNIX crypted password
        $result = (crypt($submitted_pw, $1) eq $1);
    }

and AuthLDAP2 delivers the following userPassword from the OpenLDAP
Server (sure it's stored in this format):

Mon Jul  1 14:55:56 2002: DEBUG: LDAP got userPassword: {CRYPT}iRe5XZ5WN5FI.
Mon Jul  1 14:55:56 2002: DEBUG: Radius::AuthLDAP2 looks for match with
user-xy
Mon Jul  1 14:55:56 2002: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Mon Jul  1 14:55:56 2002: INFO: Access rejected for user-xy: Bad Password

Request: Could you please check against the different crypt schemes in
a case insensitiv manner as a patch and in the next release?

    elsif ($pw =~ /^{crypt}(.*)/i)
    {
        # Its a UNIX crypted password
        $result = (crypt($submitted_pw, $1) eq $1);
    }


Used Versions:

radiator 3.1 with latest patches installed
perl 5.6.1
SunOS 5.9


Regards
	Charly

-- 
Karl Gaissmaier          Computing Center,University of Ulm,Germany
Email:karl.gaissmaier at rz.uni-ulm.de          Network Administration
Tel.: ++49 731 50-22499
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list