[Fedora-directory-users] Freeradius authentcation with FDS - password types.
Pete Rowley
prowley at redhat.com
Wed Feb 15 19:30:56 UTC 2006
Jon Steer wrote:
>I am attempting to authenticate freeradius with FDS The issue seems
>to be the passwords that are handed back from FDS
>
>Environment:
> OS: Fedora 4
> FreeRadius : 1.0.4
> FDS: 1.0.1
>
>I am using inetOrgPerson and passing back userPassword. But it seems
>that no matter which password encoding I use, freeRadius doesn't seem
>to understand it.
>
>
>
I am not quite sure what FreeRadius is trying to do here, but it is bad
form to require that the server return the password attribute - it
should only ever be tested against or otherwise manipulated by FDS. A
quick google for "freeradius ldap" suggests that it does not in fact
require clear text passwords and does a bind (as it should) for password
tests :
http://lists.cistron.nl/pipermail/freeradius-users/2002-July/008715.html
As your other post indicates, requiring such things tends to lead to
less security, including how you decide to store the passwords in FDS
(which by default are deliberately stored using a one way hashing scheme)
--
Pete
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3241 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060215/b3138900/attachment.bin>
More information about the Fedora-directory-users
mailing list