[RADIATOR] crypt password to check against encrypted password stored in MySql
Heikki Vatiainen
hvn at open.com.au
Fri Aug 30 06:06:43 CDT 2013
On 08/30/2013 10:46 AM, Jeffrey Lee wrote:
> Hi, how do you perform a crypt (one-way hash) on a password to check
> against an encrypted password stored in MySql?
You need to return the password hash with prefix that tells this is a
hash (and what kind of hash this is) and not a plain text passwords.
For example:
- password is fred
- MySQL hashing produces 0569ef75321b8fed
- You need to return {mysql}0569ef75321b8fed so that Radiator knows to
hash the incoming User-Password first instead of comparing it directly
to 0569ef75321b8fed.
> I have a <AuthBy SQL>
>
> AuthSelect call sp_GetUserPassword('%{User-Name}')
> AuthColumnDef 0, User-Password, check
>
> The stored procedure (MySql routine) will return the encrypted password,
> but since the password sent to Radiator is in clear-text, the
> authentication request will be rejected.
Change sp_GetUserPassword() to return {mysql}hashedvalue instead of
plain hashedvalue.
If that is not possible, use TranslatePasswordHook in the AuthBy:
TranslatePasswordHook sub { return '{mysql}' . $_[0]; }
> I'll need the clear-text password sent to radiator to be first encrypted
> (similar to PHP's crypt with salt) before comparing against database.
A better way to do this is to let Radiator know what the DB has. In this
case you need to tell it the DB has MySQL hashes.
> Does anyone have a solution to this?
Please let us know if the above helps.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list