30 Jan
2006
30 Jan
'06
4:20 p.m.
I think the limitation may be on the client side for that. Usually,
username/password authentication is done using a www_challenge response (which
uses md5 hashes to send data so it's not wholly insecure). Since this is being
done, all your Radius server will get is likely to be md5'd passwords.
I'm not sure it could be done without rewriting SOMEthing. At the very least,
you'd have to rewrite the auth_radius module to handle something other than a
digest response.
N.
On Mon, 30 Jan 2006 16:05:20 +0100, Zoran Milic wrote
I have a custom made RADIUS server, which doesn't
use md5, and I'm
not keen on writing md5 hashig funcions. Beside, my RADIUS server is
in the same room as the SER server so I am not afraid of sniffing or
something. Has anybody tried it with out MD5? (that is, if there is
a way to do so.)
Zoran
On Monday 30 January 2006 15:30, sip wrote:
On Mon, 30 Jan 2006 15:27:11 +0100, Zoran Milic
wrote
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers Hi,
Is it possible to use radius WITHOUT MD5 hashing? Instead, I wish
to send user and pass as plain text.
You really DON'T want to do that. You only THINK you do. ;)
Seriously, though, why would you want to try and bypass your own best hope
of password security?
N.