(RADIATOR) Encrypted Password and Rad V2.18

Hisham Al-Shiha hshiha at medu.net.sa
Mon May 29 01:05:39 CDT 2006


Dear Hugh,
	We are already using plaintext for passwords, but we wanted to change
that for our new security policy. Regarding the configuration file you
requested, I believe sending you the handler that handles the request
will be enough, since we have a big configuration file. I didn't copy all of
the access request from the trace 4 log, but I copied the part that is relevant to
our problem. Believe me, the handler below caught the request.

	To make things clear, all I'm doing is to test the ability of
Radiator 2.18 to authenticate a user with an encrypted password. So, I
created one user (hshiha2) with UNIX encryption in iPlanet Directory Server
5.1 and in Radiator I created this handler to catch him. That's the whole
story :)

Conf file:

OPTION1

<Handler User-Name = /hshiha2/, Realm = x.x.x.x>
   AcctLogFileName %L/detail.log
   <AuthBy LDAP2>
   	AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
   	AuthDN uid=abc, o=xxx
   	AuthPassword xxx
   	BaseDN o=xxx
   	FailureBackoffTime 30
   	Host 1.2.3.4
   	Identifier xyz
   	PasswordAttr userPassword
   	Port 389
   	UsernameAttr uid
   </AuthBy>
   AuthByPolicy ContinueAlways
   MaxSessions 1
   PasswordLogFileName %L/password.log
   RejectHasReason
   RewriteUsername s/^([^@]+).*/$1/
   SessionDatabase SDB.medu
</Handler>

OPTION2

<Handler User-Name = /hshiha2/, Realm = x.x.x.x>
   AcctLogFileName %L/detail.log
   <AuthBy LDAP2>
   	AddToReply Service-Type = Framed-User,Framed-Protocol = PPP,Idle-Timeout = 1200
   	AuthDN uid=abc, o=xxx
   	AuthPassword xxx
   	BaseDN o=xxx
   	FailureBackoffTime 30
   	Host 1.2.3.4
   	Identifier xyz
### just changed this
   	EncryptedPasswordAttr userPassword
   	Port 389
   	UsernameAttr uid
   </AuthBy>
   AuthByPolicy ContinueAlways
   MaxSessions 1
   PasswordLogFileName %L/password.log
   RejectHasReason
   RewriteUsername s/^([^@]+).*/$1/
   SessionDatabase SDB.medu
</Handler>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: trace4.txt
URL: <http://www.open.com.au/pipermail/radiator/attachments/20060529/6562ab60/attachment.txt>

