NAME
rlm_digest - FreeRADIUS Module
DESCRIPTION
The rlm_digest module authenticates RADIUS Access-Request packets that
contain Cisco SIP digest authentication attributes. The module should
be listed in the authorize and authenticate sections of radiusd.conf.
CONFIGURATION
The digest module requires no additional configuration items. When it
is being used to authenticate requests, however, it does require access
to the clear-text password for the user. Hashed passwords are not
acceptable, and will not work.
EXAMPLES
Add the following lines to the top of your ’raddb/users’ file:
#---
test Auth-Type := Digest, User-Password = "test"
Reply-Message = "Hello, test with digest"
#---
Once the server has been started (debugging mode is recommended), use
’radclient to send the following packet to the server:
$ radclient -f digest localhost auth testing123
Where ’digest’ is a file containing:
User-Name = "test",
Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7",
Digest-Realm = "testrealm",
Digest-Nonce = "1234abcd",
Digest-Method = "INVITE",
Digest-URI = "sip:5555551212@example.com",
Digest-Algorithm = "MD5",
Digest-User-Name = "test",
Message-Authenticator = ""
You should see the authentication succeed.
SECTIONS
authorize, authenticate
FILES
/etc/raddb/radiusd.conf, draft-sterman-aaa-sip-00.txt
AUTHOR
Alan DeKok <aland@ox.org>
31 March 2005 rlm_digest(5)