From: Herwin Weststrate Date: Wed, 3 Feb 2016 13:43:28 +0000 (+0100) Subject: Removed some outdated/obsolete README files X-Git-Tag: release_3_0_12~249^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1523%2Fhead;p=thirdparty%2Ffreeradius-server.git Removed some outdated/obsolete README files --- diff --git a/src/modules/rlm_mschap/README b/src/modules/rlm_mschap/README deleted file mode 100644 index e4b473fd3d0..00000000000 --- a/src/modules/rlm_mschap/README +++ /dev/null @@ -1,92 +0,0 @@ -New features were added: -+ LM support to MS-CHAP -+ support for SAMBA passwd files. It introduces new files smbpass.c and - smbpass.h -+ support for MS-CHAPv2. SHA1 digest support was added (sha1.c, sha1.h) -! module is configurable via radiusd.conf and supports instances -! module supports both authorization and authentication. Authorization - sets authentication to MS-CHAP if any NTLM-related things found. - During authorization new attributes added to config_items: - LM-Password - LM-encoded password - NT-Password - NT-encoded password - SMB-Account-CTRL - account control flags in SAMBA format - During authentication these attributes are checked against data - provided by NAS. -- RFC 2433 text with MS-CHAPv1 removed. Microsoft attributes are covered - by RFC 2458, MS-CHAPv2 - RFC 2759. You can obtain them from - www.rfceditor.org - -ZARAZA, -3APA3A@security.nnov.ru - -Below is original README by Jay Miller - -This is a partial implementation of MS-CHAP for FreeRadius. The patch -was designed for Cistron-Radius 1.6.4, but the changes to source are -pretty minimal and should work with previous versions. It is based on -RFC 2433, which is included with this package. - -I have tested this successfully using Windows 98 and Windows 2000 with Cisco -AS5300 terminal servers. I have not tested it in any other environment, so -I can't guarantee it's success everywhere. I also don't have time to do -much troubleshooting, though I am interested to hear about problems anyone -might have. If you can fix a problem, then I will incorporate the fix into -the distribution. - -Files included: -mschap.c - MS-CHAP functions -mschap.h - Definitions and prototypes -md4c.c, md4.h - RSA Data Security, Inc. MD4 Message-Digest Algorithm -desport.c, - deskey.c, - des.h - Fast DES by Phil Karn (portable C version) -rfc2433.txt - RFC upon which this algorithm is based - - -ABOUT MS-CHAP - -I was driven to write this when a large customer demanded that they be -able to check "Require Encrypted Password" in their Windows Dial-up -Networking. Testing showed me that, in Windows 2000 at least, this meant -MS-CHAP. If you want to specify CHAP, then Windows 2000 requires you to -select "Allow unencrypted password". Duh. - -MS-CHAP is similar to CHAP. The NAS creates a challenge string and gives it -to the client. The client then uses the password to encrypt the challenge -and gives it back to the NAS, who then gives them both to Radius. Radius -performs the same encryption of the challenge string using the locally stored -password, then compares the result to the response from the client. - -The difference between MS-CHAP and CHAP is in the encryption method. CHAP -performs one MD5 hash to get the response. MS-CHAP first encrypts the password -with MD4. It then pads the 16-byte hash out to 21 bytes and divides this -string into 3 parts. Each 7-byte part is used as a key for a DES encryption -of the challenge string. The 8-byte results are then concatonated together -into a 24-byte response. - -The method just described is called NT-encryption by the RFC. MS-CHAP is -actually designed for compatability with Microsoft LAN Manager as well. -The response returned by the client actually contains an LM encrypted -response as well as the NT-encrypted password. This implementation only -uses the NT-encrypted response, which seems to work fine for Windows 98 -and Windows 2000. The RFC also has a number of other specs for allowing the -user to change password and things like that. None of that has been -implemented here. - -A useful extension of this would be in the local storage of passwords. -Theoretically you should be able to store the MD4 hash rather than the -plain text password. Then the algorithm could pick it up at the next -step and still calculate the result. The trouble is that MD4 produces a -binary hash. That is, any values from 0 to 255 is a valid byte, and I -don't know how to store this in a users file. If it can be done, then -we could add a check attribute called "MS-CHAP-Hash" instead of password -and get both an encrypted protocol and encrypted password storage at the -same time (CHAP requires plain text passwords, while Crypt-Pass requires -an unencrypted protocol). - -If you find this useful, please send me a note just so I can feel good -about myself. - -Jay Miller -Columbia, MO, US -jaymiller@socket.net diff --git a/src/tests/modules/sql/README b/src/tests/modules/sql/README deleted file mode 100644 index b5e79e2f530..00000000000 --- a/src/tests/modules/sql/README +++ /dev/null @@ -1,7 +0,0 @@ -All SQL related tests should be defined here and the driver specific directory need only have links to the tests defined here. - -All User-Name attributes, Acct-Session-Id, and Acct-Multi-Session-Id attributes - - MUST BE UNIQUE FOR EVERY TEST. - -Otherwise the tests will stomp on each other when run in parallel.