[RADIATOR] CHAP flow

M P antmtp at hotmail.com
Fri Nov 25 21:30:02 CST 2011


Hello Heikki,
As per my previous e-mail below, is it possible instead to pass the password I received from the external API as stated on item [1] to the built-in "processor" that the Radiator has instead of performing the item[2], then let Radiator do the rest? Meaning, my script will just fetch the password from an external API for Radiator to process it and let Radiator do the rest of the remaining processes.
Please advice. Thank you.

From: antmtp at hotmail.com
To: hvn at open.com.au
Date: Sat, 26 Nov 2011 11:19:15 +0800
CC: radiator at open.com.au
Subject: Re: [RADIATOR] CHAP flow








Hello Heikki,
I have a follow-up question and I hope this will be last for this topic.

> > My question is, between items [2] and [3], how does Radiator checks and
> > verifies the password of the username from its database? Isn't it that
> > Radiator should check first its database for the username's password
> > during step [2] or before step [3]?
> 
> When Radiator receives the password in step [2], it will lookup the
> plain text password using the username as key. With the password
> Radiator can calculate its own CHAP-Password value using CHAP-Challenge.
> See how radpwtst creates the two CHAP related attributes and
> http://tools.ietf.org/html/rfc2865#section-5.3 for the attribute
> definitions.

Since in my case that I am getting the password from an external API via an AuthBy EXTERNAL script, does it mean that I have to do the following step
 s below upon receiving the user's Access-Request?
[1] The external script will query the external API server and get the user's password;
[2] The script will then convert the password received into a CHAP-Password format (e.g. CHAP ID + MD5SUM of CHAP ID + password + CHAP-Challenge);
[3] Compare the CHAP-Password received from the user's Access-Request vs the CHAP-Password that was converted as per item [2];
[4] Whatever the result of item [3], my script will then do an "exit 0" or "exit 1".
Please advice. Thank you very much. 		 	   		  

_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20111126/cef6d199/attachment.html 


More information about the radiator mailing list