(RADIATOR) Extended DES Password Support

Derrin Chong derrin at lava.net
Thu Mar 3 15:37:34 CST 2005


Greetings,

Is there a way to authenticate users with passwords in extended
DES (_J9...) format that are not in the UNIX passwd file, i.e.,
using the AuthUNIX.pm module?

I'm trying to set up Radiator on FreeBSD 4.11 to authenticate against
a master.passwd file exported from another FreeBSD system.  The
exported passwd file has passwords that are in extended DES format
-- they were originally from a BSDI system.  I get a "Bad Encrypted
password" error when trying to authenticate.

However, if I change the password in the exported passwd file to
MD5 format I am able to authenticate successfully.

I have an entry in the radius.cfg as follows:

<Realm>
         <AuthBy UNIX>
                 Filename        /usr/local/etc/raddb/passwd
         </AuthBy>

         # Be more verbose with errors
         RejectHasReason

         # Log accounting to the detail file in LogDir
         AcctLogFileName %L/detail
</Realm>

When I attempt to authenticate against the extended DES password I
get the following:

Attributes:
         User-Name = "joebogus"
         User-Password = "<31>a<169><15><221><223><158><187>`<255><145>"
         NAS-IP-Address = 64.65.64.43
         NAS-Port = 20101
         NAS-Port-Type = Async
         State = ""
         Token = ""
         Calling-Station-Id = "8085233517"
         Called-Station-Id = "5666101"
         Acct-Session-Id = "357976393"

Tue Mar  1 10:57:33 2005: DEBUG: Handling request with Handler 'Realm='
Tue Mar  1 10:57:33 2005: DEBUG:  Deleting session for joebogus, 64.65.64.43, 20101
Tue Mar  1 10:57:33 2005: DEBUG: Handling with Radius::AuthUNIX:
Tue Mar  1 10:57:33 2005: DEBUG: Radius::AuthUNIX looks for match with joebogus
Tue Mar  1 10:57:33 2005: DEBUG: Radius::AuthUNIX REJECT: Bad Encrypted password
Tue Mar  1 10:57:33 2005: INFO: Access rejected for joebogus: Bad Encrypted password
Tue Mar  1 10:57:33 2005: DEBUG: Packet dump:
*** Sending to 64.65.64.43 port 1025 ....
Code:       Access-Reject

Thanks for any help you folks can give me.  I apologize if this has
already been discussed.  I couldn't find anything in the archives.

Sincerely,
Derrin Chong
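
For auditing an exported master.passwd file like the one described above, here is an added example (not part of the original post and not Radiator code) that classifies each entry's crypt(3) hash format by its shape and decodes the round count of extended DES entries. The function names, sample lines and hash strings are constructed for illustration; only the user name and the `_J9..` prefix come from the post.

```python
import re

# crypt(3) alphabet: '.'=0, '/'=1, then 0-9, A-Z, a-z
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
H = "[./0-9A-Za-z]"

# Order matters: prefixed formats are tested before bare 13-char DES.
SCHEMES = [
    # '_' + 4 chars round count + 4 chars salt + 11 chars hash
    ("extended-des", re.compile(rf"^_{H}{{4}}{H}{{4}}{H}{{11}}$")),
    ("md5", re.compile(rf"^\$1\$[^$]{{1,8}}\${H}{{22}}$")),
    ("blowfish", re.compile(rf"^\$2[abxy]?\$\d\d\${H}{{53}}$")),
    # 2 chars salt + 11 chars hash
    ("traditional-des", re.compile(rf"^{H}{{13}}$")),
]

def classify(field):
    """Return the hash scheme name for one passwd password field."""
    if field == "":
        return "empty"
    if field[0] in "*!":
        return "locked"
    for name, pattern in SCHEMES:
        if pattern.match(field):
            return name
    return "unknown"

def des_ext_rounds(field):
    """Decode the 24-bit round count: four 6-bit digits, least significant first."""
    return sum(B64.index(c) << (6 * i) for i, c in enumerate(field[1:5]))

def audit(text):
    """Yield (user, scheme, rounds-or-None) for each master.passwd style line."""
    report = []
    for line in text.splitlines():
        parts = line.split(":")
        if not line.strip() or line.startswith("#") or len(parts) < 2:
            continue
        scheme = classify(parts[1])
        rounds = des_ext_rounds(parts[1]) if scheme == "extended-des" else None
        report.append((parts[0], scheme, rounds))
    return report

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = """\
joebogus:_J9..abcd0123456789A:1001:1001::0:0:Joe Bogus:/home/joebogus:/bin/sh
alice:$1$saltsalt$abcdefghijklmnopqrstuv:1002:1002::0:0:Alice:/home/alice:/bin/sh
bob:abCDEFGHIJKLM:1003:1003::0:0:Bob:/home/bob:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
"""

if __name__ == "__main__":
    for user, scheme, rounds in audit(SAMPLE):
        print(user, scheme, rounds if rounds is not None else "")
```

Running it against the exported file lists which accounts carry extended DES hashes, so they can be counted before deciding how to handle them.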
