Mike Brennan wrote: > * Use Digest Authentication > * The password is stored in an external database (it has a > complicated schema) that I am connecting to via sql.conf. > * I want to extract the password from this database so that it can > be used in Digest Authentication (SIP – using RFC 4590)
Is the password stored in clear-text? If so, it can work. If not, it's impossible. > Is it possible to get the Cleartext-Password (or is it the > User-Password) from my external database through authorize_check_query ? Yes. But you need to edit it. > If so, how do I assign this attribute to the value returned in my query? You create an "Attribute = value", like with everything else in the server. > I can’t store any information in my external database as I am not > allowed to create any tables That's fine. > The following query would return the password – can I use it in > authorize_check_query? > > authorize_check_query="SELECT password FROM fusion.cdm_credentials WHERE > person_id=(SELECT person_id FROM fusion.cdm_person WHERE > user_name='%{User-Name}');" No. The authorize_check_query needs to return "Attribute = value", as shown by the default configuration. You can update your query to return that. Or, don't use "sql" in the "authorize" section, as it expects to see the default FreeRADIUS schema. List "sql" in "instantite", and then do: authorize { ... update control { Cleartext-Password := "%{sql: SELECT password FROM fusion ...}" } ... } i.e. if you have a SELECT which returns a password, you can assign that directly to the Cleartext-Password attribute yourself. > Or am I totally off track? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html