Freeradius with existing asp.net identity DB

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Freeradius with existing asp.net identity DB

Simon Coy
Hello,



I would like to attach a Freeradius instance to an existing database of users/passwords.  ASP.net identity stores passwords with the following hashing specification:



         * PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.

         * Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }

         * (All UInt32s are stored big-endian.)



Does anybody know if this is compatible with Freeradius out of the box?



I can see from the docs that SHA-2 is supported but it's not clear to me whether the above configuration will work.



Many thanks,

Simon

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|

Re: Freeradius with existing asp.net identity DB

Alan DeKok-2
On May 8, 2017, at 7:57 AM, Simon Coy <[hidden email]> wrote:
> I would like to attach a Freeradius instance to an existing database of users/passwords.  ASP.net identity stores passwords with the following hashing specification:
>
>         * PBKDF2 with HMAC-SHA256, 128-bit salt, 256-bit subkey, 10000 iterations.
>
>         * Format: { 0x01, prf (UInt32), iter count (UInt32), salt length (UInt32), salt, subkey }
>
>         * (All UInt32s are stored big-endian.)
>
> Does anybody know if this is compatible with Freeradius out of the box?

  It's not supported.

> I can see from the docs that SHA-2 is supported but it's not clear to me whether the above configuration will work.

  If it was supported, the documentation would say so.

  It shouldn't be hard to add, tho.  As always, patches are welcome.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html