(RADIATOR) CHAP and PAP
Hugh Irvine
hugh at open.com.au
Thu Oct 26 21:06:49 CDT 2006
Hello Mike -

On thinking about this a bit more, you could also use an
AuthColumnDef for your passwords rather than the default and use a
different AuthSelect query. Or if you can identify these "special"
users by the contents of the radius request (or where it comes from)
you can also set up a Handler to deal with them differently with
different AuthBy SQL clauses. You could also use a stored procedure
in the database to do whatever is required before returning the
password to Radiator.

hope this helps

regards

Hugh

On 27 Oct 2006, at 10:26, Hugh Irvine wrote:
>
> Hello Mike -
>
> Of course you will also need to remove the "EncryptedPassword"
> parameter from the AuthBy SQL clause(s).
>
> regards
>
> Hugh
>
>
> On 27 Oct 2006, at 10:13, Hugh Irvine wrote:
>
>>
>> Hello again Mike -
>>
>> We have just been discussing this again here and I don't think my
>> suggestion will work, unfortunately.
>>
>> The alternative therefore is to add "{crypt}" prefixes to your
>> existing passwords, except for those plaintext passwords which can
>> either have "{clear}" prefixes or be left as cleartext.
>>
>> Apologies for any confusion.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 27 Oct 2006, at 08:49, Hugh Irvine wrote:
>>
>>>
>>> Hi Mike -
>>>
>>> As you suggest below, you can use "{clear}password" just for
>>> those users who need it and leave the rest as they are.
>>>
>>> See sections 12.1.1 and 12.1.2 in the Radiator 3.15 reference
>>> manual ("doc/ref.html").
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 27 Oct 2006, at 07:53, Mike Gomez wrote:
>>>
>>>> Hi All,
>>>>
>>>> I've run into a bit of a problem that I'm hoping I can figure out
>>>> without having to do too much of an overhaul on our mysql database. ;)
>>>> We've been using Radiator and PAP authentication for years (using just
>>>> standard unix encryption on passwords). We've just recently switched
>>>> dialup providers, and some of the Qwest numbers they use only allow
>>>> CHAP.
>>>>
>>>> It's only for a small subset of my users that this is causing a
>>>> problem for (150 out of the 12,000 or so in the database). Since my
>>>> passwords aren't in clear text, CHAP won't work. From what I've read,
>>>> I believe I could change all of my users to clear text passwords and
>>>> then both PAP and CHAP would work, but I'd honestly like to avoid
>>>> making changes to all 12,000 users and just change the 150 that are
>>>> having problems.
>>>>
>>>> We use the EncryptedPassword option, since we don't have {crypt}
>>>> specified before each password. Is there any way I could just change
>>>> the problem users to have their passwords set as "{clear}password" in
>>>> mysql and not have to end up changing all of the rest of the passwords
>>>> (either to clear text, or by putting {crypt} in front of them)? I'm
>>>> reading through the reference manual, but the only way I can see to do
>>>> this is either by changing everyone to clear text, or using the {}
>>>> before each user's password to describe whether it's encrypted or not.
>>>>
>>>> Thanks in advance for any help! :)
>>>> --
>>>> Mike Gomez
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> Includes support for reliable RADIUS transport (RadSec),
>>> and DIAMETER translation agent.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database
>>> independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like
>>> systems.
>>>
>>>
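
The constraint behind this thread, as an added example that is not part of the original messages and is not Radiator's own code: a `{crypt}` entry can be checked against a PAP password but cannot be used to verify a CHAP response (RFC 1994), while a `{clear}` entry serves both. The function names and sample users are hypothetical and constructed for illustration; unprefixed values are assumed to be cleartext, as when `EncryptedPassword` is not set.

```perl
#!/usr/bin/perl
# Added illustration, not Radiator source code.
use strict;
use warnings;
use Digest::MD5 qw(md5);

# Split a stored value into (scheme, data). Assumption: no prefix = cleartext.
sub parse_stored {
    my ($stored) = @_;
    return (lc($1), $2) if $stored =~ /^\{(\w+)\}(.*)$/s;
    return ('clear', $stored);
}

# PAP: the server receives the password itself, so it can re-hash and compare.
sub check_pap {
    my ($stored, $submitted) = @_;
    my ($scheme, $data) = parse_stored($stored);
    return $submitted eq $data if $scheme eq 'clear';
    if ($scheme eq 'crypt') {
        my $hash = crypt($submitted, $data);    # salt comes from the stored hash
        return defined $hash && $hash eq $data;
    }
    return 0;
}

# CHAP (RFC 1994): response = MD5(identifier . secret . challenge).
# The server needs the secret itself; a one-way crypt hash cannot stand in.
sub check_chap {
    my ($stored, $id, $challenge, $response) = @_;
    my ($scheme, $data) = parse_stored($stored);
    return 0 unless $scheme eq 'clear';
    return md5(chr($id) . $data . $challenge) eq $response;
}

# Constructed sample users: one hashed entry, one cleartext entry.
my %users = (
    alice => { stored => '{crypt}' . crypt('wonderland', 'ab'), typed => 'wonderland' },
    bob   => { stored => '{clear}builder',                      typed => 'builder' },
);
my ($id, $challenge) = (7, 'constructed-16B!');

for my $name (sort keys %users) {
    my ($stored, $typed) = @{ $users{$name} }{qw(stored typed)};
    my $response = md5(chr($id) . $typed . $challenge);    # computed by the client
    printf "%-5s PAP=%-6s CHAP=%s\n", $name,
        check_pap($stored, $typed) ? 'accept' : 'reject',
        check_chap($stored, $id, $challenge, $response) ? 'accept' : 'reject';
}
```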