Re[4]: Problem: authenticate with /etc/passwd users

Tue, 26 Nov 2002 07:45:44 -0800 

Dear Sarick,

Any  challenge-response  based  authentication  can't  work with crypted
password.  One  and  only exception is NT password which can be used for
MS-CHAP v1/2 authentication.

--Monday, November 25, 2002, 2:07:32 PM, you wrote to [EMAIL PROTECTED]:

S> Hi, firstly thanks your quick response.  :-)
S> ----- Original Message -----
S> From: "3APA3A" <[EMAIL PROTECTED]>
S> To: "Sarick" <[EMAIL PROTECTED]>
S> Cc: <[EMAIL PROTECTED]>
S> Sent: Monday, November 25, 2002 6:50 PM
S> Subject: Re[2]: Problem: authenticate with /etc/passwd users


>> Dear Sarick,
>>
>> In  your case problem is you try to use crypyted passwords with EAP/md5.
>> For EAP/md5 you need cleartext password.
>>
S> So, what should I do if I want to use the crypted passwords?
S> Should I make the rlm_passwd module?
S> How should I config it?
S> My ambition is to make a 802.1x authentication. Authentication messages from
S> authenticating
S> supplicant (client)  be in EAP format (I use /EAP-MD5).
S> And user-names and user-passwords can be derived from the /etc/passwd file.
S> Therefore, I don't have to maintain
S> the ./raddb/users file too constantly.
S> Below is my radiusd.conf for EAP section:--------------
S>         #  For all EAP related authentications
S>         eap {
S>                 # Invoke the default supported EAP type when
S>                 # EAP-Identity response is received
S>                         default_eap_type = md5

S>                 # Default expiry time to clean the EAP list,
S>                 # It is maintained to co-relate the
S>                 # EAP-response for each EAP-request sent.
S>                         timer_expire     = 60

S>                 # Supported EAP-types
S>                 md5 {
S>                 }
S>                 #....................Skip
S>                 ## EAP-TLS is highly experimental EAP-Type at the moment.
S>                 #       Please give feedback on the mailing list.
S>                 #tls {
S>                 #       private_key_password = password
S>                 #       private_key_file = /path/filename

S>         mschap {
S>                 # Location of the SAMBA passwd file
S>                 #       passwd = /etc/smbpasswd

S>                 # authtype value, if present, will be used
S>                 # to overwrite (or add) Auth-Type during
S>                 # authorization. Normally should be MS-CHAP
S>                 authtype = MS-CHAP







-- 
~/ZARAZA
Неприятности начнутся в восемь.  (Твен)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to