Alan DeKok wrote:
> "A. Burak Gurdag" <[EMAIL PROTECTED]> wrote:
>> I can manage to do digest authentication (according to sterman-draft-00) over FreeRadius against an LDAP server in which user passwords are stored in cleartext. I would like to store passwords in SSHA or MD5 encoded form in the LDAP server. But it does not seem possible since FreeRadius has no way to know the password to calculate the digest to authenticate. Am I wrong?
>
> You're right. It's impossible.
>
>> Do I have to delegate the digest calculation and verification to the LDAP server to achieve this (in this case I have to put my focus on the LDAP server that I use)?
>
> You can't. The LDAP server has no more information than FreeRADIUS has, and therefore can't do anything different.
>
> And there are *no* LDAP servers that can do digest authentication. That I can guarantee.
>
>> Is there another way that you can suggest?
>
> Store clear-text passwords in LDAP.
>
> Alan DeKok.

Or use EAP-TTLS/PAP to get a clear text password from your clients and use encrypted passwords in LDAP.
--Craig
--
/ Craig Huckabee | e-mail: [EMAIL PROTECTED] /
/ Code 715-CH | phone: (843) 218 5653 /
/ SPAWAR Systems Center | close proximity: "Hey You!" /
/ Charleston, SC | ICBM: 32.78N, 79.93W /
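
The point made in this thread, as an added example that is not part of the original messages or of FreeRADIUS: a digest response can only be recomputed from the password itself, while a PAP password (for instance one delivered inside an EAP-TTLS tunnel) can be checked against an {SSHA} value. The user, realm, nonce, password and salt are constructed sample values, and an RFC 2617-style digest without qop is assumed.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
USER, REALM, PASSWORD = "alice", "example.org", "s3cret"
METHOD, URI, NONCE = "REGISTER", "sip:example.org", "5f3a9c01"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # needs the password itself
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def make_ssha(password, salt):
    """LDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_digest(stored_secret, response):
    """Server side of digest auth: recompute from whatever LDAP returned."""
    expected = digest_response(USER, REALM, stored_secret, METHOD, URI, NONCE)
    return hmac.compare_digest(expected, response)

def verify_pap(stored_ssha, cleartext):
    """Server side of PAP: the client sent the password, so the server can
    redo the salted hash with the stored salt and compare."""
    raw = base64.b64decode(stored_ssha[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 output is 20 bytes
    candidate = hashlib.sha1(cleartext.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def demo():
    client_response = digest_response(USER, REALM, PASSWORD, METHOD, URI, NONCE)
    ssha = make_ssha(PASSWORD, b"\x01\x02\x03\x04")  # fixed salt for the demo
    return {
        "digest_with_cleartext": verify_digest(PASSWORD, client_response),
        # The SSHA string is not the password, so HA1 cannot be rebuilt.
        "digest_with_ssha": verify_digest(ssha, client_response),
        "pap_with_ssha": verify_pap(ssha, PASSWORD),
        "pap_wrong_password": verify_pap(ssha, "guess"),
    }
```
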