stored md5 password verify with ISE mysql integration?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-02-2017 11:04 PM - edited 02-21-2020 10:35 AM
hi
how can i verify stored md5 hash password on mysql with ISE ODBC store procedure. no problem with stored cleartext passwd
example ;
mysql> select * from users;
+---------+----------+----------------------------------+
| user_id | username | password |
+---------+----------+----------------------------------+
| 1 | murat | password |
| 4 | test1 | 2ac9cb7dc02b3c0083eb70898e549b63 |
+---------+----------+----------------------------------+
store procedure with cleartext ; ( murat user is working at auth.)
DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEAuthUserPlainReturnsRecordset`(username varchar(64), password varchar(255))
begin
IF EXISTS (select * from users where users.username = username and users.password = password.) THEN
select 0,11,'This is a very good user, give him all access','no error';
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //
store procedure with md5 ; (test1 user not working)
DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEAuthUserPlainReturnsRecordset`(username varchar(64), password varchar(255))
begin
IF EXISTS (select * from users where users.username = username and users.password = md5(password)) THEN
select 0,11,'This is a very good user, give him all access','no error';
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //
- Labels:
-
Other NAC

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-03-2017 01:04 PM
second store procedure worked when i write md5 upper case and basic authentication (PAP) provided.
But i need the PEAP(mschapv1/2) Auth, thats why i need change the following store procedure "ISEFetchPasswordReturnsRecordset".
how can i make a change this the query for hashed password verification.?
do you have any experience?
Thanks...
DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEFetchPasswordReturnsRecordset`(username varchar(64))
begin
IF EXISTS (select * from users where users.username = username ) THEN
select 0,11,'This is a very good user, give him all access','no error', password from users where users.username = username;
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //
