Earlier today I was throwing together a five-minute RADIUS server using FreeRadius. The idea was to quickly get it to authenticate users from an existing MySQL table on a database server.

Unfortunately the existing table only has the user's password in an MD5 format, and as far as I'm aware FreeRadius doesn't deal with MD5 passwords except in EAP (which this is not). Herein lies the dodgy hack.

First, as this system is a throwaway that only needs to do basic authentication - let's dodge up a quick view with the data in the following standard FreeRadius table. Please note that field names have been changed to protect IP.

CREATE VIEW `radcheck` AS SELECT primkey AS id, name_user AS UserName, 'Cleartext-Password' AS Attribute, ':=' AS op, password AS Value FROM otherdb.othertable;

Strictly the above isn't necessary, as you can configure the FreeRadius queries as you wish. The aim of this is to minimise the changes made to the freeradius configuration.

Once that's done, I modified the FreeRadius configuration so instead of the standard query which grabs all the fields out of the table, to do the following:

authorize_check_query = "SELECT id, UserName, Attribute, IF( MD5('${User-Password}') = Value, ${User-Password}, Value ) as Value, op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"

This dodgy little statement forces MySQL to compare the MD5 of the plaintext password in the radius request against the MD5 in the database. If they match, it will return the specified plaintext (which will match later) and pass. Otherwise it will return the MD5 password from the table.

I should state that this actually allows two passwords for the user, their actual password or the MD5 of their password. For the purposes of this exercise the tradeoff was acceptable (though there are arguments that this isn't so bad anyway).

Really dirty hack, but I thought it was a novel solution to the problem :P

Okay so my lovely partner was apparently up at all hours engaged in a riveting conversation with a good friend of ours. Chatting to him afterwards it sounds like it was a very epic conversation, so I felt obliged to say something about my beliefs. Actually, I've been meaning to post something about this for a while (hooray for the little extrovert who *could*!), so it's as good enough excuse as any.

Already I've used the obligatory and self-indulgent words like beliefs, values, and a liberal dash of italics to boot - so I should make one thing clear:

I don't really beleive in anything

Yeah that's right, religiously speaking: I'm an Agnostic Atheist. No, that doesn't mean I'm sitting on the fence, really. I don't think too much about Heaven, Hell and the afterlife - because, well - let's be honest - it's not exactly straightforward and it hurts to think about it.

But that's not to say I'm closed to the idea of [insert religious postulation here], but as someone who likes to think in the abstract, I can't sit down and accept a concept on the basis of this-is-the-way-it-is without studying the various aspects of it and figuring out how it ticks. If I could, that would be faith.

So I'm sitting on the fence after all it seems... But here's my core belief:

It doesn't matter what you beleive in, as long as your beleifs don't cause your actions to restrict others from freely excercising *their* beleifs

I don't think theres many people out there who would disagree that this seems like a reasonable and fairly straightforward way to govern your actions as an individual. And if you do, guess what - that's nice dear, unless you're screaming some foreign language and running with me with a machete, I don't mind that you disagree.

And if I'm wrong about there being any greater power upstairs (or downstairs, or flying and made of spaghetti), I don't beleive any benevolent force could possibly find fault with someone who lives their lives by those rules.

Okay, so I'm not a big fan of Windows Vista or it's service pack successor, Windows 7.

In the months since my last rant, I've been running Windows 7 on my work laptop - and the results have been, well... pleasing...

Okay, so it still killed about 700gb of my data when hot-swapping SATA drives on the RC. It killed Quicklaunch, and explorer looks like a retarded pug dog - but gosh darn it if I haven't started to adapt...

I've managed to adjust to the search bar, which I was kind of expecting - you type what you want and it loads, well... almost. There's still a few bugs where the selection loses focus, and I'm still switching to/from XP and 7 - so I'm constantly typing Start, then r, followed by what I want (often ending up with something like 'rmstsc' or 'rnotepad' - but on the whole it's do-able.

Once you configure your browsers to stop pushing your downloads into the pesky download folder and start putting them back somewhere sensible, it works quite well. The explorer UI is fooked, but still navigatable by the keyboard even though it loses your folder preferences (everything turned off, folders don't retain view configuration, all folders have the same base view configuration).

All I need to do now is move my storage onto a seperate machine (I'm not ready to trust almost 5TB of data to Vista/7 after last time), and I think I'm comfortable enough to run Windows 7 as my primary OS.

Big news. But that depends on me getting around to doing my storage project. Yeah, don't hold your breath :P