I correct myself, if I'm not wrong CHAP needs the password to be stored in clear. The only way you can do that is to use radius checks, you can store the clear password there.
Users which have a corresponding django user will always have their password hashed, it's one of the goal of django-freeradius to avoid storing password in clear. Fed On Saturday, October 27, 2018 at 5:53:44 PM UTC+2, Federico Capoano wrote: > > I'm not sure how to implement that with the rml-rest module. > > There may be a way, if you find it please let me know, if we have a clear > path on what we need to do to implement that we can open an issue on github > and I think sooner or later we will find somebody else with the same need > which may want to help implementing it. > > Fed > > > On Saturday, October 27, 2018 at 5:18:29 PM UTC+2, Bino Oetomo wrote: >> >> >> >> On Thursday, October 25, 2018 at 7:52:04 PM UTC+7, Federico Capoano wrote: >>> >>> Passwords get to freeradius in clear over TLS (these are also encrypted >>> with the shared secret of freeradius BTW) >>> >>> >>> I mean, if our Authenticator (i.e PPP gateway, Captive Portal, etc etc) >> use a CHAP password, FreeRadius will not send ''User-Password' as part of >> it's rlm_rest call to our rest-server. It'll send CHAP..... That is I don't >> know how to compare this to user's django password. >> >> Sincerely >> -bino- >> > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
