Time for action – hashing our password
We will replace the Cleartext-Password AVP in the users file with a more secure hashed password AVP in this section.
There seems to be a general confusion on how the hashed password should be created and presented. We will help you clarify this issue in order to produce working hashes for each format.
A valuable URL to assist us with the hashes is the OpenLDAP FAQ:
http://www.openldap.org/faq/data/cache/419.html
There are a few sections that show how to create different types of password hashes. We can adapt this for our own use in FreeRADIUS.
Crypt-Password
Crypt password hashes have their origins in Unix computing. Stronger hashing methods are preferred over crypt, although crypt is still widely used.
- The following Perl one-liner will produce a crypt password for
passmewith the salt value of 'salt':#> perl -e 'print(crypt("passme","salt")."\n");' - Use this output and change Alice's check entry...
