(RADIATOR) AuthSQL and NULL passwords

Hugh Irvine hugh at open.com.au
Fri Aug 22 02:39:32 CDT 2003 

Hello Richard -

The first thing to do is make sure that you are editing the correct 
copy of the file.

If you have done a "make install" then the copy of "Radius/AuthSQL.pm" 
that is being executed is in the Perl file hierarchy.

It is generally *much* easier to edit the file in "Radius/AuthSQL.pm" 
in the distribution directory, add whatever "print ...." statements you 
need for debugging, then execute "radiusd" from the distribution 
directory like this:

	# this assumes that the source tarball has been unpacked in 
"/usr/local/src"

	cd /usr/local/src/Radiator/Radiator-3.6

	perl radiusd -foreground -log_stdout -trace 4 -config_file .....

this will pick up the local files in preference to the ones in the Perl 
file hierarchy.

regards

Hugh


On Thursday, Aug 21, 2003, at 23:33 Australia/Melbourne, Richard 
Grantham wrote:

> Hi list,
>
> A while ago I asked about configuring Radiator to reject 
> authentications
> without NULL passwords when the password is NULL in the database.  Two
> solutions were suggested at the time - decoding the password and using
> it in the SELECT statement or changing the Radiator code.  I don't 
> think
> I could change the SQL statement to decode passwords - plus our
> authentication statements are long enough already!  I want to change 
> the
> source code to do what we want.  We want to make this change for
> security reasons that are a little convoluted to go into in too much
> detail!
>
> I'm assuming that this is the code in AuthSQL.pm that needs to be
> changed:
>
> # Add a *-Password check item unless the correct password
> # was NULL in the database, This means that if
> # the password column for a user is NULL,
> # then any password is accepted for that user.
>     $user->get_check->add_attr
>         (defined $self->{EncryptedPassword} ?
>             'Encrypted-Password' : 'User-Password', $password)
>                 if defined $password
>
> I've been playing with it a bit but to no avail.  I'm afraid my 'l33t
> perl sk1llz' are not up to much because I can't seem to change
> Radiator's behaviour.  For instance, the first thing I did was remove
> that 'if defined $password':
>
>     $user->get_check->add_attr
>         (defined $self->{EncryptedPassword} ?
>             'Encrypted-Password' : 'User-Password', $password);
>
> This didn't do anything.  Can anyone point me in the right direction?
> Have I missed something incredibly obvious?
>
> TIA
>
> Richard
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list