[Serusers] Password not being sent during Radius Auth
Greger V. Teigre
greger at teigre.com
Sat Apr 16 12:49:51 CEST 2005
See inline.
>> > 3) I know my radius supports CHAP-MD5. Isn't it enough ?
>
>> Nope. Digest as another algorithm than CHAP that can use MD5 too
>
> So you say I need to support Digest with MD5, or just Digest alone ?
You need to support the HTTP Digest mechanism, read the RFC.
>> > The thing is I've using this radius for some time now, and have
>> > modified it to help my needs. I know it's a bit old already (2002).
>> > Its ic-radius and, according to its web page it does
>> > support digest.
>
>> Well, it must both support digest and the bit special way the
>> *-digest-attritbutes are wrapped into the Digest-Attributes
>> attribute. I don't know ic-radius. We have implemented
>> digest for our own (commercial)
>> RADIUS server.
>> freeRADIUS is your best bet, or the support forum for ic-radius.
>
> I think I'll have to implement Digest in my own radius. Any help ?
Well, not really, but freeradius has an implementation of it that you could
probably look at. You need to check out the licenses though.
> I do not understand how " ... the bit special way the
> *-digest-attritbutes are wrapped into the Digest-Attributes attribute...
> " is implemented. Any hint here ?
Well, if you are to implement this, you need to understand RADIUS (another
RFC...). All the digest attributes are wrapped with length markers into one
single attribute (Digest-Attributes). You need to read that attribute and
decode it before you can use the digest attribute/value pairs for
implementing Digest.
g-)
More information about the sr-users
mailing list