From owner-freebsd-isp  Thu Jun 26 00:29:41 1997
Return-Path: <owner-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id AAA08522
          for isp-outgoing; Thu, 26 Jun 1997 00:29:41 -0700 (PDT)
Received: from mailbox.hogia.net (mailbox.hogia.net [195.100.64.5])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA08516
          for <freebsd-isp@FreeBSD.ORG>; Thu, 26 Jun 1997 00:29:38 -0700 (PDT)
Received: from enterprise.hogia.net (sa@enterprise.hogia.net [195.100.64.3]) by mailbox.hogia.net (8.8.5/8.6.9) with SMTP id JAA08469; Thu, 26 Jun 1997 09:29:18 +0200
Date: Thu, 26 Jun 1997 09:29:29 +0200 (MET DST)
From: Sebastian Andersson <sa@hogia.net>
To: "Tom T. Thai" <tomthai@future.net>
cc: freebsd-isp@FreeBSD.ORG, linuxisp@friendly.jeffnet.org
Subject: Re: system passwd to RADIUS
In-Reply-To: <Pine.BSD.3.91.970625184623.237A-100000@dream.future.net>
Message-ID: <Pine.LNX.3.95.970626091712.12396A-100000@enterprise.hogia.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-isp@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 25 Jun 1997, Tom T. Thai wrote:

> Any one know how to convert a unix password file to RADIUS? I think doing 
> a few thousand by had is very tedious :< Also, anyway to decrypt the 
> password with SU access?

Some radius servers can use the encrypted password file by specifying
UNIX as the password. This prevents the users from using CHAP though.
You could start with this and as users change their passwords you store
the new password in the radius database.
Unless you use some UNIX without encryption (as my old NetBSD system on my
amiga500 ;-) it is very hard to recover the password from the passwd file
since it uses a one way hashing algorithm. The crack program can be used
to try to find passwords but it will only find bad passwords in a
reasonable time.
If your users use POP, ftp or telnet to your computer you can patch those
servers to store the username and password to a file or run a sniffer to
capture the info.

/Sebastian

See http://www.hogia.net/keys/sa-pgp.asc for public pgp key.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBM7IaW8Vx5kJf+XX1AQF06wP8DFOc3jdTNQxFbgjMJVv7DfjiQ7e+4WLJ
PBjf+lgz5dQS+cRy4z/gVqZuozx9sP7SuvzBbKuSFtnusxxb29xgPlITzb6TluxU
/6eMzR4aUr07CjBvDYGb1dDrGqowT+fit4O140AzitaFpTyf9OT190r/RJvo/f3h
HZKvLHxRgq4=
=FZev
-----END PGP SIGNATURE-----