On Tue, 2007-07-24 at 14:29 +0300, FreeRadius-ML wrote: > Ok, > > I think there is a misunderstanding here. Here's my target: > > OpenSER -> FreeRadius -- rlm_perl --> TCP Server > > Now, if I understand correctly, in order to validate that a SIP register > coming in from the OpenSER is a valid username/password combo, I'm required > to calculate the Digest on the TCP Server, and verify it against the digest
No, I understand what you're trying to do. I'm telling you you're doing it the wrong way. You are welcome to disagree with my opinion, but there it is. > that is calculated at the OpenSER, and that is being done using the > AVP information that is passwed to the FreeRadius server, and the password > that is stored at the remote TCP Server. Why can't you just have the TCP server pass the HA1 value back to the Radius server on request, and have the Radius server (which already has a proven, tested, high-performance digest implementation) do it? In any event - if you are adamant that the entire digest auth needs to take place inside the TCP server, then you will need to re-implement the digest authentication algorithm, and that's not a Radius question. You should re-read the RFC, and possibly look at the source for rlm_digest, but this isn't really an appropriate forum to learn how the digest algo works. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html