I made a small modification to util.pm so I can have the decrypted password
in Radiator.
In this example '%P' would be the decrypted password and can be used the
same way as '%n' (the Username)
I think this is very useful for everyone. In my case, this allows me to
send the username and the password as:
AuthSelect exec MyStoredProc '%n' '%P'
May I suggest we include the following in util.pm
'P', sub { return unless $packet;
$packet->decode_password($packet->{Client}->{Secret}) },
Also replace:
$s =~ s/%([%abcCdefgDhijkHlLmMNopnRStTUuyY])/&{$conversions{$1}}()/egs;
with:
$s =~ s/%([%abcCdefgDhijkHlLmMNopPnRStTUuyY])/&{$conversions{$1}}()/egs;
> I wish I could use the DecryptPassword clause found in AuthExternal.
> I tried to implement it in the AuthSQL.pm but my perl knowledge is too
rusty
>
> I am sure this is just a few lines of code but I am afraid of making the
server crash. Anyone wants to give it a try?
>
> > > The %{User-Password} is giving an encrypted version of the actual
password
> > > typed by the user.
> > > Is there another variable containing the actual password typed by the
RAS
> > > user ?
> > > If not, how can I decrypt the User-Password variable.
> > >
> >
> > I think you will have to write a PreAuthHook to decode the password and
store
> > it in a pseudo-attribute in the packet for later use by your AuthBy SQL.
There
> > are some example hooks in the patches area that will help you:
> >
> > http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt
> >
> > You will need to use the "decode_password" routine in Radius.pm. Note
that this
> > will only work with PAP requests from your NAS(s) as it is impossible to
> > decrypt CHAP passwords.
> >
> > hth
> >
> > Hugh
> >
>
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
