(RADIATOR) Crypto EPPwdHash
Mike McCauley
mikem at open.com.au
Sat Jan 15 16:36:18 CST 2005
Hard to find exact data, but I think this describes the algorithm:
Use the ASN.1 encoder to encode Password, the timestamp, and the alias
alone. Perform an MD5 Hash on the ASN.1 encoded buffer. This results in a
16-byte Hash
see also
http://cvs.sourceforge.net/viewcvs.py/openh323/openh323/src/h235auth.cxx?rev=1.28&view=markup
Cheers.
On Saturday 15 January 2005 22:38, Pavel A Crasotin wrote:
> Hello all.
>
> We are trying authenticate VoIP user on our gatekeeper using
> RADIATOR and Oracle DB as backend. Logins and passwords of voip users
> are stored as clear text.
>
> But we have problems. Voip terminal sends login and password to GK as
> cryptoEPPwdHash:
> cryptoTokens = 1 entries {
> [0]=cryptoEPPwdHash {
> alias = h323_ID 5 characters {
> 0074 0065 0073 0074 0031 test1
> }
> timeStamp = 1103778935
> token = {
> algorithmOID = 1.2.840.113549.2.5
> paramS = {
> }
> hash = Hex: b6 5f e7 0d d2 2e c9 18 88 4f e3 aa 54 e7 22 31
> }
> }
> }
>
> GK translates this data to radius server and in RADIATOR debug I see:
>
> Code: Access-Request
> Identifier: 30
> Authentic: R;<154>w<30><0>k'<153>0<0> <16><154><244>$
> Attributes:
> User-Name = "test1"
> NAS-IP-Address = 127.0.0.1
> NAS-Port-Type = Async
> Service-Type = Login-User
> cisco-avpair =
> "xpgk-md5-auth=test1/1103778935/b65fe70dd22ec918884fe3aa54e72231"
> cisco-avpair = "xpgk-request-type=user"
>
>
> Can anyone help me and explain how can I authenticate these devices?
> What should I do to compare hash and password?
>
> As GK we use MVTS if it helps...
>
> Thanks in advance.
>
> --
> With respect,
> Pavel A Crasotin
> OJSC SeverTransCom
> Tel: +7 (0852) 58-41-03, 58-01-01
> Fax: +7 (0852) 58-01-01
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list