search

retailnext / node-radius

Node.js RADIUS library for packet encoding and decoding.
Other
200 stars 60 forks source link

RFC2865 Chap-Password support #22

Closed nusnewob closed 9 years ago

nusnewob commented 9 years ago

Hi,

According to the doc this supports password encryption types listed in RFC2865 User-Password section, does it include Chap-Password section in RFC2865? Thanks.

psanford commented 9 years ago

Currently there is no special handling of CHAP passwords. You can get/set the chap-password from the attributes yourself, but you will need to handle the encoding and verifying of that field yourself.

We would be happy to take a pull request to add support for CHAP passwords. I imagine an api that would look something like this:

// encode takes the cleartext password and a challenge and encodes the CHAP-Password and CHAP-Challenge attributes in the packet 
var packet = radius.encode({
  code: "Access-Request",
  secret: "obsidian order",
  chap: {
    password: 'tailoredfit',
    challenge: new Buffer("f33033ae203eb9c27e65eaa45d2106d2", "hex"),
  }
  attributes: [
    ['NAS-IP-Address', '10.5.5.5'],
    ['User-Name', 'egarak'],
    ['Vendor-Specific', 555, [['Real-Name', 'arobinson']]]
  ]
});

// decode will verify the chap password and throw an exception if the packet does not match
radius.decode({
  packet: packet, 
  secret: "obsidian order",
  chap: { password: "tailoredfit" },
});
exculibar commented 5 years ago

I use node-radius and node-chap made a simple project which supports PAP / CHAP / MSCHAPv1 / MSCHAPv2 authentication.

https://github.com/exculibar/nadius