[Serusers] radius and md5
Zoran Milic
miliczo at sezampro.yu
Mon Jan 30 16:45:06 CET 2006
Thanks, I believe u are right.
Zoran
On Monday 30 January 2006 16:20, sip wrote:
> I think the limitation may be on the client side for that. Usually,
> username/password authentication is done using a www_challenge response
> (which uses md5 hashes to send data so it's not wholly insecure). Since
> this is being done, all your Radius server will get is likely to be md5'd
> passwords.
>
> I'm not sure it could be done without rewriting SOMEthing. At the very
> least, you'd have to rewrite the auth_radius module to handle something
> other than a digest response.
>
> N.
>
> On Mon, 30 Jan 2006 16:05:20 +0100, Zoran Milic wrote
>
> > I have a custom made RADIUS server, which doesn't use md5, and I'm
> > not keen on writing md5 hashig funcions. Beside, my RADIUS server is
> > in the same room as the SER server so I am not afraid of sniffing or
> > something. Has anybody tried it with out MD5? (that is, if there is
> > a way to do so.)
> >
> > Zoran
> >
> > On Monday 30 January 2006 15:30, sip wrote:
> > > On Mon, 30 Jan 2006 15:27:11 +0100, Zoran Milic wrote
> > >
> > > > Hi,
> > > > Is it possible to use radius WITHOUT MD5 hashing? Instead, I wish
> > > > to send user and pass as plain text.
> > >
> > > You really DON'T want to do that. You only THINK you do. ;)
> > >
> > > Seriously, though, why would you want to try and bypass your own best
> > > hope of password security?
> > >
> > > N.
> >
> > _______________________________________________
> > Serusers mailing list
> > serusers at lists.iptel.org
> > http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list