"A. Burak Gurdag" <[EMAIL PROTECTED]> wrote: > I can manage to do digest authentication (according to > sterman-draft-00) over FreeRadius against an LDAP server in which user > passwords are stored in cleartext. I would like to store passwords in > SSHA or MD5 encoded form in the LDAP server. But it does not seem > possible since FreeRadius has no way to know the password to calculate > the digest to authenticate. Am I wrong?
You're right. It's impossible. > Do I have to delegate the digest calculation and verification to the > LDAP server to achieve this (in this case I have to put my focus on > the LDAP server that I use)? You can't. The LDAP server has no more information that FreeRADIUS has, and therefore can't do anything different. And there are *no* LDAP servers that can do digest authentication. That I can guarantee. > Is there another way that you can suggest? Store clear-text passwords in LDAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html