Attached is a minor patch to include support for BASE64_MD5 encoded passwords in an LDAP directory (or anywhere else it may be, as the pap module does the authentication).
In ldap the record would look like:

userPassword: {BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA==

If the password was helloworld

Thankfully the pap module is clever enough to normalize the password from Base64 encoding automatically so the BASE64_MD5 tag just needed to be added under header_names array, and then do the MD5. So no code change was really required.

The debug trace shows:

[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA=="
[ldap] looking for reply items in directory...
[ldap] user peterltest authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "helloworld"
[pap] Using MD5 encryption.
[pap] Normalizing MD5-Password from base64 encoding
[pap] User authenticated successfully
++[pap] returns ok

Cheers
Peter
B64.patch
Description: Binary data
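
The check the trace above walks through (strip the header, normalize the digest, hash the submitted password, compare), as an added Python example that is not part of the original post or the attached patch. The function names and the length-based hex/base64 detection are assumptions made for illustration, not rlm_pap's own code.

```python
import base64
import binascii
import hashlib
import hmac

MD5_LEN = 16  # bytes in a raw MD5 digest


def split_header(value):
    """Split '{TAG}data' into (TAG, data); TAG is None when no header is present."""
    if value.startswith("{") and "}" in value:
        tag, _, data = value[1:].partition("}")
        return tag.upper(), data
    return None, value


def normalize_md5(data):
    """Return the raw 16-byte digest from hex or base64 text, or None if neither fits."""
    if len(data) == 2 * MD5_LEN:
        try:
            return bytes.fromhex(data)
        except ValueError:
            pass  # 32 characters but not hex: try base64 below
    try:
        raw = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None
    # A value that decodes to the wrong length is rejected, not truncated.
    return raw if len(raw) == MD5_LEN else None


def check_password(stored, cleartext):
    """True if cleartext hashes to the digest held in a {BASE64_MD5} value."""
    tag, data = split_header(stored)
    if tag != "BASE64_MD5":
        return False  # other headers are out of scope for this example
    digest = normalize_md5(data)
    if digest is None:
        return False
    candidate = hashlib.md5(cleartext.encode("utf-8")).digest()
    # Constant-time comparison of the two raw digests.
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    stored = "{BASE64_MD5}/F4DjTilcDIIVEHn/nAQsA=="  # value quoted in the post
    print(check_password(stored, "helloworld"))
```

The stored value is a bare MD5 digest with no salt, so two users with the same password get the same userPassword string.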