(RADIATOR) DecryptPassword
Zak McGregor
zak.mcgregor at gmail.com
Fri Oct 13 05:32:32 CDT 2006
Hi all
I have the following specified in my config file:
LogDir /var/log/radius
DbDir /etc/radiator
Trace 4
BindAddress *********,127.0.0.1
DictionaryFile /etc/radiator/dictionary
AuthPort 1812
AcctPort 1813
<Client 127.0.0.1>
Secret ********
</Client>
<AuthBy FILE>
Identifier RejectUser
Filename /etc/radiator/reject.user
</AuthBy>
<Handler NAS-Port-Type=ISDN>
AuthBy RejectUser
</Handler>
<Handler Realm=********>
AuthByPolicy ContinueWhileReject
<AuthBy EXTERNAL>
DecryptPassword
Command /usr/local/bin/AuthCGPExt.pl
</AuthBy>
<AuthBy RADIUS>
Synchronous
Host 196.37.50.98
Secret x-streamsucks!
AuthPort 1888
NoForwardAccounting
DefaultReply NAS-Port-Type=Async
DefaultSimultaneousUse 1
</AuthBy>
</Handler>
I have replaced potentially sensitive information with "*****", but
realm is fine & ip address info is all working correctly. Currently, we
are proxying through to another radius server on a custom port. I am
trying to implement an external auth program to verify users using
different criteria than the radius server on port 1888 can currently
handle. Unfortunately, the DecryptPassword declaration doesn't seem to
be working, as the external authprogram still gets
User-Password="<nnn><nnn><nnn>....|" (always seems to end with a pipe).
How can I get the plaintext password to the external program OR how can
I make Radiator require both AuthBy declarations to be satisfied before
allowing access? I could then leave the proxied server to handle the
actual password verification, and just use my external program to
verify other user details and fail on things like when the user's
subscription expired.
Thanks!
Cheers
Zak
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list