[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] CHAP with Exec-Program-Wait
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [Help-gnu-radius] CHAP with Exec-Program-Wait |
|
Date: |
Wed, 11 Sep 2002 10:36:48 +0300 |
> I need external authorization with Exec-Program-Wait attribute and CHAP
> protocol. First of all I'm write test program to see what NAS send me.
> It only reads incoming arguments and prints them to the file.
[...]
> And so, in auth.log I see only 3 parameters (CHAP-Password is empty).
> How I must calculate correct this password or not?
First, note that each authentication request can contain either
Password or CHAP-Password attribute, never both.
The value of Password attribute is decrypted before passing it
to the external program as an argument. The value of CHAP-Password
is not. So, if you are planning to use it in your program, you
will have to apply a simple patch to radiusd/radutil.c:
Index: radiusd/radutil.c
===================================================================
RCS file: /cvsroot/radius/radius/radiusd/radutil.c,v
retrieving revision 1.25.2.1
diff -p -u -w -b -r1.25.2.1 radutil.c
--- radiusd/radutil.c 9 Jul 2002 11:39:25 -0000 1.25.2.1
+++ radiusd/radutil.c 11 Sep 2002 07:34:31 -0000
@@ -161,7 +161,9 @@ attr_to_str(obp, req, pairlist, attr, de
tmp[AUTH_STRING_LEN] = 0;
switch (attr->type) {
case TYPE_STRING:
- if (attr->value == DA_PASSWORD && req) {
+ if ((attr->value == DA_PASSWORD
+ || attr->value == DA_CHAP_PASSWORD)
+ && req) {
char string[AUTH_STRING_LEN+1];
int len;
req_decrypt_password(string, req, pair);
Regards,
Sergey