Post by Prospero » 18 Jun 2016, 11:24

I am trying to find a way to authenticate users connecting via L2TP/IPSEC to my Clavister, and would like to use RADIUS to authenticate them. My challenge is the following.

1) My users select their L2TP/IPSEC password by signing up to a WordPress site (I would like them to have the same password for WordPress as for my Clavister L2TP/IPSEC).
2) WordPress uses one-way MD5 encryption when storing the password, with a function called wp_hash_password() as described here https://codex.wordpress.org/Function_Re ... h_password.
3) I copy the User ID and encrypted Password from WordPress over to a table in RADIUS.
4) That means the passwords I will have stored in my RADIUS database for each user will be encrypted by the WordPress function.

When the user connects via L2TP/IPSEC, the password is transferred in clear text to the Clavister firewall. And I cannot compare a clear text password with an MD5 password in RADIUS. If I could find a way to apply the same wp_hash_password() function to the password "in between" Clavister and RADIUS, I would be able to compare the two MD5-hashed strings, which would work.

Now my question: does anyone know if it is possible to either apply this specific WordPress MD5 hash from within Clavister, before the password is sent to RADIUS for lookup? Or as an alternative, if RADIUS can be set up in such a way that it applies the wp_hash_password() on the password as it receives it, before comparing? Or if this requires some other solution, and if so what?

Most grateful for help.

With best regards

