[freeside] Passwords over 12 chars
ivan at 420.am
ivan at 420.am
Mon Sep 1 21:08:25 PDT 2003
On Sun, Aug 31, 2003 at 10:08:29PM -0700, Kristian Hoffmann wrote:
> When freeside exports to radius, it assumes any password longer than 12
> characters is a crypt password, following with the standard. This is done
> because some people import crypt passwords into freeside and this is the
> only real way to determine if a password is plain text or crypt.
>
> To tell you the truth, I ran into the same problem. I'm planning on
> writing a patch to fix it, but I don't know what the best way to fix it
> would be.
Need another field in svc_acct for password encryption/encoding, values
like "none", "des" "md5", "blowfish". Ticket 131 in the bug tracking
system. Patches appriciated; this is high priority for 1.5.0.
--
_ivan
> In the meantime, <horrible kluge>I just modified the passwords
> in the exported radius database</horrible kluge>.
>
> -Kristian
>
> On Sun, 31 Aug 2003 troyh at netsignia.net wrote:
>
> > > On Sat, Aug 30, 2003 at 06:42:09PM -0400, Rob Charles wrote:
> > >> Anything after 8 characters does not matter anyways, it's a UNIX
> > >> thing....
> > >>
> > >> :)
> > I am not speaking of a unix password. I am speaking of a export with
> > sqlradius. If the password is 13 or more then the attrb field is changed
> > to Crypt-Password.
> >
> > >
> > > Only with DES encrypted passwords. MD5 and Blowfish will encrypt a, for
> > > practical purposes (IIRC, 1024), unlimited length password. Both those
> > > also require a much wider encrypted password field.
> > >
> > > MD5 is the default on FreeBSD and my one Redhat 7.2 box. Blowfish is the
> > > default on OpenBSD.
> > >
> > > --
> > > Scott Lambert KC5MLE Unix
> > > SysAdmin
> > > lambert at lambertfam.org
> > >
> >
> >
>
--
_ivan
More information about the freeside-users
mailing list