Re: Password Learning?

2005-03-01 Thread Alan DeKok
Nick Bright <[EMAIL PROTECTED]> wrote:
> My question is this: Can FreeRADIUS *learn* passwords, if a user has no
> password set? What I mean is that when it queries the database, if it
> finds a NULL password, it would *SET* the password to whatever was
> submitted?

  If you run an external script, yes.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Password Learning?

2005-03-02 Thread Nick Bright
On Tue, 2005-03-01 at 17:26, Alan DeKok wrote:
> Nick Bright <[EMAIL PROTECTED]> wrote:
> > My question is this: Can FreeRADIUS *learn* passwords, if a user has no
> > password set? What I mean is that when it queries the database, if it
> > finds a NULL password, it would *SET* the password to whatever was
> > submitted?
> 
>   If you run an external script, yes.
> 
Could you be a little more specific? I don't see how to do that right
off. If you could point me in the right direction, I think I could
figure it out.

>   Alan DeKok.
-- 
- Nick Bright
  Terraworld, Inc
  888-332-1616 x315
  http://home.terraworld.net




Re: Password Learning?

2005-03-02 Thread Alan DeKok
Nick Bright <[EMAIL PROTECTED]> wrote:
> Could you be a little more specific? I don't see how to do that right
> off. If you could point me in the right direction, I think I could
> figure it out.

  My suggestion would be to run a script if the user fails
authentication, to check if the password is in the SQL database, and
add it, if not.

  This means that the user's first request will be rejected, but the
second one will be OK.

  There is NO facility within the server to do complex updates like
this, because those updates are not normally part of authenticating
the user.

  Alan DeKok.
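
The script described above, sketched as an added example (not code from any poster or from FreeRADIUS): it runs after a reject and learns the submitted password only for a known account whose stored value is still NULL, never overwriting an existing one. It assumes a table shaped like the stock `radcheck` SQL table, a NULL `value` marking "no password yet", and the attribute name `SSHA2-512-Password`; it stores a salted hash instead of the cleartext, which assumes PAP requests.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

# Assumed attribute name for a salted SHA-512 hash; confirm the deployed
# FreeRADIUS version accepts it. A stored hash only works for PAP requests.
HASH_ATTR = "SSHA2-512-Password"

def hash_password(password, salt=None):
    """Return base64(sha512(password + salt) + salt)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return base64.b64encode(digest + salt).decode("ascii")

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    raw = base64.b64decode(stored)
    return hmac.compare_digest(hash_password(password, raw[64:]), stored)

def learn_password(db, username, password):
    """Run after a reject: store the hash only for a known account whose
    password value is still NULL. Returns True if a password was learned."""
    if not password:
        return False
    with db:  # single transaction; the WHERE clause keeps the update atomic
        cur = db.execute(
            "UPDATE radcheck SET attribute = ?, op = ':=', value = ? "
            "WHERE username = ? AND value IS NULL "
            "AND attribute LIKE '%-Password'",
            (HASH_ATTR, hash_password(password), username))
    return cur.rowcount == 1

def demo():
    """Constructed sample data: alice has no password yet, bob already has one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, username TEXT,"
               " attribute TEXT, op TEXT, value TEXT)")
    db.executemany(
        "INSERT INTO radcheck (username, attribute, op, value) VALUES (?, ?, ?, ?)",
        [("alice", "Crypt-Password", ":=", None),
         ("bob", "Crypt-Password", ":=", "constructed-existing-hash")])
    attempts = [("alice", "first-try"), ("alice", "second-try"),
                ("bob", "guess"), ("nosuchuser", "guess")]
    return db, [learn_password(db, u, p) for u, p in attempts]

if __name__ == "__main__":
    print(demo()[1])
```

Only the first submission for alice is learned; the second attempt, the account with an existing password, and the unknown username all leave the table unchanged.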




Re: Password Learning?

2005-03-02 Thread Nick Bright
On Wed, 2005-03-02 at 11:51, Alan DeKok wrote:
> Nick Bright <[EMAIL PROTECTED]> wrote:
> > Could you be a little more specific? I don't see how to do that right
> > off. If you could point me in the right direction, I think I could
> > figure it out.
> 
>   My suggestion would be to run a script if the user fails
> authentication, to check if the password is in the SQL database, and
> add it, if not.

I'll look in the documentation to see how to do this, thanks.

> 
>   This means that the user's first request will be rejected, but the
> second one will be OK.

Whatever it takes :)

> 
>   There is NO facility within the server to do complex updates like
> this, because those updates are not normally part of authenticating
> the user.

Yeah, and it really /shouldn't/ need to be. This is more of a custom
kludge to solve a specific problem. . . though perhaps that might be a
nifty module to have in the software? Something someone in my situation
could enable to allow migration from one server to another when
passwords are encrypted.


Although I just had a thought. I can put the unix Crypt()'d password in
the database if I use Password-Crypt (I think that's the flag, I'll look
in the docs, I know I've seen it).


> 
>   Alan DeKok.
-- 
- Nick Bright
  Terraworld, Inc
  888-332-1616 x315
  http://home.terraworld.net




Re: Password Learning?

2005-03-04 Thread Dustin Doris
On Wed, 2 Mar 2005, Nick Bright wrote:

> Although I just had a thought. I can put the unix Crypt()'d password in
> the database if I use Password-Crypt (I think that's the flag, I'll look
> in the docs, I know I've seen it).
>

If you have access to the /etc/passwd and can get the crypt passwords that
should work.  In sql just set the attribute as Crypt-Password.  If you are
using ldap, just prefix the password with {crypt} (added that in case
anyone searches the archives looking for something similar but w/ ldap).

That would be the easiest way to go.

Otherwise, you could use an external script.  If you know perl, look into
rlm_perl.  You can call it at any point in the authentication process and
you could create the sql calls to insert the username/password during
auth.  Or you could just write a script in another language.  The benefit
of the perl module is that it's persistent.  Check out the exec echo part
of radiusd.conf if you want to use another language.

I think they also have rlm_python if you know python, which will also
provide a persistent connection to the script (I believe).



Re: Password Learning?

2005-03-04 Thread Nick Bright
On Fri, 2005-03-04 at 16:35, Dustin Doris wrote:
> On Wed, 2 Mar 2005, Nick Bright wrote:
> 
> > Although I just had a thought. I can put the unix Crypt()'d password in
> > the database if I use Password-Crypt (I think that's the flag, I'll look
> > in the docs, I know I've seen it).
> >
> 
> If you have access to the /etc/passwd and can get the crypt passwords that
> should work.  In sql just set the attribute as Crypt-Password.  If you are
> using ldap, just prefix the password with {crypt} (added that in case
> anyone searches the archives looking for something similar but w/ ldap).
> 
> That would be the easiest way to go.

Yeah, I figured that out. . . Have that set up and working (some of my
recent posts have been dealing with that)

> 
> Otherwise, you could use an external script.  If you know perl, look into
> rlm_perl.  You can call it at any point in the authentication process and
> you could create the sql calls to insert the username/password during
> auth.  Or you could just write a script in another language.  The benefit
> of the perl module is that it's persistent.  Check out the exec echo part
> of radiusd.conf if you want to use another language.
> 

I'll probably end up using a script to convert people's passwords when
they log in, or just do it with a query (since I'm logging the plain
text password to SQL anyways) later.

> I think they also have rlm_python if you know python, which will also
> provide a persistent connection to the script (I believe).
-- 
- Nick Bright
  Terraworld, Inc
  888-332-1616 x315
  http://home.terraworld.net

