[RADIATOR] CHAP flow

M P antmtp at hotmail.com
Fri Nov 25 21:19:15 CST 2011


Hello Heikki,
I have a follow-up question and I hope this will be the last for this topic.

> > My question is, between items [2] and [3], how does Radiator check and
> > verify the password of the username from its database? Isn't it that
> > Radiator should check first its database for the username's password
> > during step [2] or before step [3]?
> 
> When Radiator receives the password in step [2], it will lookup the
> plain text password using the username as key. With the password
> Radiator can calculate its own CHAP-Password value using CHAP-Challenge.
> See how radpwtst creates the two CHAP related attributes and
> http://tools.ietf.org/html/rfc2865#section-5.3 for the attribute
> definitions.

Since in my case I am getting the password from an external API via an AuthBy EXTERNAL script, does it mean that I have to do the following steps upon receiving the user's Access-Request?
[1] The external script will query the external API server and get the user's password;
[2] The script will then convert the password received into a CHAP-Password format (e.g. CHAP ID + MD5SUM of CHAP ID + password + CHAP-Challenge);
[3] Compare the CHAP-Password received from the user's Access-Request vs the CHAP-Password that was converted as per item [2];
[4] Whatever the result of item [3], my script will then do an "exit 0" or "exit 1".
Please advise. Thank you very much.
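
The comparison described in steps [2] to [4], following the CHAP-Password definition in RFC 2865 section 5.3, as an added example that is not part of the original post and is not Radiator code. The function names, the sample values and the mapping of exit status 0 to accept and 1 to reject are assumptions; the lookup against the external API from step [1] is left out and the cleartext password is passed in.

```python
import hashlib
import hmac
from typing import Optional


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 2865 section 5.3: MD5(CHAP ID || cleartext password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def verify_chap(chap_password: bytes, password: bytes,
                chap_challenge: Optional[bytes],
                request_authenticator: bytes) -> bool:
    """Check a received CHAP-Password attribute against the looked-up password."""
    # The attribute value is exactly 1 octet of CHAP ID + 16 octets of response.
    if len(chap_password) != 17:
        return False
    # If the request carries no CHAP-Challenge attribute, the Request
    # Authenticator field is the challenge (RFC 2865 section 5.3).
    challenge = chap_challenge if chap_challenge else request_authenticator
    if not challenge:
        return False
    ident, received = chap_password[0], chap_password[1:]
    expected = chap_response(ident, password, challenge)
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(received, expected)


def exit_status(ok: bool) -> int:
    # Assumption: the caller treats 0 as accept and 1 as reject.
    return 0 if ok else 1


if __name__ == "__main__":
    # Constructed sample values, not taken from a real capture.
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")
    attr = bytes([0x2A]) + chap_response(0x2A, b"s3cret", challenge)
    print(exit_status(verify_chap(attr, b"s3cret", challenge, b"")))
    print(exit_status(verify_chap(attr, b"wrong", challenge, b"")))
```
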