I have proprietary web application which stores user password in form of sha1$79b2c$b3704ec5703ef28ded379cf6c6de4c4160aa029b. This is a salted sha1 hash.
I want to use this presaved information for freeradius as well. Crypt-Password attribute is defined in radius but AFAIK it is just md5 hash of the password. I tried this but this didnt work as I expect. How can I use the same ceredentials for user validating in freeradius? Is it possible to run some script and accept accrding to its return value?
If I change the propietary web application to save user credntials on another form, what should I choose to be compatible with Freeradius? EXcept for Cleartext and MD5.
I have found how to do for the question part b:
The form sha1$79b2c$b3704ec5703ef28ded379cf6c6de4c4160aa029b has parts as: sha1$SALT$SALTEDPASSWORD
In Radius this is named as SSHA-Password Ref: http://www.packtpub.com/article/freeradius-authentication-storing-passwords Ref: http://freeradius.org/radiusd/man/rlm_pap.txt
1- Use the script in Ref1 to create a Salted SHA1 hash. prop-to-ssha.pl UserClearPass SALT
Output of this can be assgined to the attribute
SSHA-Password := OUTPUTOFPERLSCRIPT
And this works. I can automate my proprietary aplication and also create a radius password entry while creating users.
For part a of the question, I have no answers yet.
This works in Java
You can now add 'hashPass' in RadCheck table with 'SSHA-Password' attribute. Base64 and DigestUtils are from Apache Commons.