(RADIATOR) DecryptPassword

Zak McGregor zak.mcgregor at gmail.com
Fri Oct 13 05:32:32 CDT 2006


Hi all

I have the following specified in my config file:
LogDir          /var/log/radius
DbDir           /etc/radiator
Trace           4
BindAddress *********,127.0.0.1
DictionaryFile /etc/radiator/dictionary
AuthPort 1812
AcctPort 1813
<Client 127.0.0.1>
        Secret ********
</Client>
<AuthBy FILE>
        Identifier RejectUser
        Filename /etc/radiator/reject.user
</AuthBy>
<Handler NAS-Port-Type=ISDN>
        AuthBy RejectUser
</Handler> 
<Handler Realm=********>
        AuthByPolicy ContinueWhileReject
       <AuthBy EXTERNAL>
               DecryptPassword
               Command /usr/local/bin/AuthCGPExt.pl
       </AuthBy>	
        <AuthBy RADIUS>
                Synchronous
                Host 196.37.50.98
                Secret x-streamsucks!
                AuthPort 1888
                NoForwardAccounting
                DefaultReply NAS-Port-Type=Async
                DefaultSimultaneousUse 1
        </AuthBy>
</Handler>

I have replaced potentially sensitive information with "*****", but
realm is fine & ip address info is all working correctly. Currently, we
are proxying through to another radius server on a custom port. I am
trying to implement an external auth program to verify users using
different criteria than the radius server on port 1888 can currently
handle. Unfortunately, the DecryptPassword declaration doesn't seem to
be working, as the external authprogram still gets
User-Password="<nnn><nnn><nnn>....|" (always seems to end with a pipe).
How can I get the plaintext password to the external program OR how can
I make Radiator require both AuthBy declarations to be satisfied before
allowing access? I could then leave the proxied server to handle the
actual password verification, and just use my external program to
verify other user details and fail  on things like when the user's
subscription expired.

Thanks!

Cheers

Zak

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list