(RADIATOR) AuthSQL and NULL passwords
Hugh Irvine
hugh at open.com.au
Fri Aug 22 02:39:32 CDT 2003
Hello Richard -
The first thing to do is make sure that you are editing the correct
copy of the file.
If you have done a "make install" then the copy of "Radius/AuthSQL.pm"
that is being executed is in the Perl file hierarchy.
It is generally *much* easier to edit the file in "Radius/AuthSQL.pm"
in the distribution directory, add whatever "print ...." statements you
need for debugging, then execute "radiusd" from the distribution
directory like this:
# this assumes that the source tarball has been unpacked in
"/usr/local/src"
cd /usr/local/src/Radiator/Radiator-3.6
perl radiusd -foreground -log_stdout -trace 4 -config_file .....
this will pick up the local files in preference to the ones in the Perl
file hierarchy.
regards
Hugh
On Thursday, Aug 21, 2003, at 23:33 Australia/Melbourne, Richard
Grantham wrote:
> Hi list,
>
> A while ago I asked about configuring Radiator to reject
> authentications
> without NULL passwords when the password is NULL in the database. Two
> solutions were suggested at the time - decoding the password and using
> it in the SELECT statement or changing the Radiator code. I don't
> think
> I could change the SQL statement to decode passwords - plus our
> authentication statements are long enough already! I want to change
> the
> source code to do what we want. We want to make this change for
> security reasons that are a little convoluted to go into in too much
> detail!
>
> I'm assuming that this is the code in AuthSQL.pm that needs to be
> changed:
>
> # Add a *-Password check item unless the correct password
> # was NULL in the database, This means that if
> # the password column for a user is NULL,
> # then any password is accepted for that user.
> $user->get_check->add_attr
> (defined $self->{EncryptedPassword} ?
> 'Encrypted-Password' : 'User-Password', $password)
> if defined $password
>
> I've been playing with it a bit but to no avail. I'm afraid my 'l33t
> perl sk1llz' are not up to much because I can't seem to change
> Radiator's behaviour. For instance, the first thing I did was remove
> that 'if defined $password':
>
> $user->get_check->add_attr
> (defined $self->{EncryptedPassword} ?
> 'Encrypted-Password' : 'User-Password', $password);
>
> This didn't do anything. Can anyone point me in the right direction?
> Have I missed something incredibly obvious?
>
> TIA
>
> Richard
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list