(RADIATOR) MSCHAPv2 Authentication Bug
Terry Simons
galimore at mac.com
Tue Mar 4 23:43:25 CST 2003
Hello,

I have discovered a bug in Radiator that causes MSCHAPv2
authentications to fail in certain circumstances.

I don't understand how MSCHAPv2 actually hashes, but based on the way
the bug manifests itself, here is what I *believe* may be happening:

When using a handler that distinguishes by Realm, if the authentication
needs to be done against a stripped username, the authentication will
fail.

For instance...

If the user terry at library.utah.edu authenticates, but the users file
only contains the name "terry", the authentication fails for me, even
though I strip the realm.

Does MSCHAPv2 use the username to hash against? If so, I believe that
Radiator may be using the unstripped name to hash against, when it
should be using the stripped name, if one exists (since there would be
no reason to strip the name, unless it is required to successfully
authenticate, I think...)

Does that make any sense whatsoever? 8-)

If not, maybe my traces and configurations can help ;-)

I've included my user file, a "broken" configuration, a "working"
configuration, and the output (trace 4) of both configurations from my
tests.

For the broken configuration, I used a fully-qualified username during
authentication. For the working configuration I did not use a fully
qualified name... (So: terry at library.utah.edu for the broken
authentication, terry for the working authentication).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: RADIATOR_MSCHAPv2_BUG.tar.gz
Type: application/x-gzip
Size: 7601 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030304/e2d5d898/attachment.gz>
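Added example, not part of the original post and not Radiator's code: RFC 2759 defines the MS-CHAPv2 ChallengeHash as the first 8 octets of SHA1(PeerChallenge || AuthenticatorChallenge || UserName), so the username is an input to the hash, and peer and server must hash the same string. The challenge values are the RFC 2759 section 9.2 test vector; strip_realm() and challenges_agree() are hypothetical helpers, and the full username is the one from the post with the archive's " at " read as "@".

```python
import hashlib

# RFC 2759 section 9.2 test vector (published in the RFC, not taken from the post).
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
RFC_USERNAME = "User"
RFC_CHALLENGE = bytes.fromhex("D02E4386BCE91226")


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("PeerChallenge and AuthenticatorChallenge are 16 octets each")
    digest = hashlib.sha1(peer_challenge + auth_challenge + username.encode("ascii"))
    return digest.digest()[:8]


def strip_realm(username: str) -> str:
    """Hypothetical helper: drop '@realm', as a realm-stripping rewrite would."""
    return username.split("@", 1)[0]


def challenges_agree(peer_name: str, server_name: str) -> bool:
    """True when both sides derive the same 8-octet challenge.

    The NT-Response is computed from this challenge and the password hash,
    so if the challenges differ the response cannot verify, even with the
    correct password.
    """
    peer = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, peer_name)
    server = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, server_name)
    return peer == server


if __name__ == "__main__":
    full = "terry@library.utah.edu"   # name from the post, "@" restored
    short = strip_realm(full)         # "terry"
    for peer_name, server_name in [(short, short), (full, full), (full, short)]:
        verdict = "match" if challenges_agree(peer_name, server_name) else "MISMATCH"
        print(f"peer hashed {peer_name!r}, server hashed {server_name!r}: {verdict}")
```

When comparing the two trace 4 outputs, the thing to check is which username string each side fed into this hash, independently of which name was used for the users-file lookup.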