cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
888
Views
0
Helpful
1
Replies

stored md5 password verify with ISE mysql integration?

murat001
Level 4
Level 4

hi

how can i verify stored md5 hash password on mysql with ISE ODBC store procedure. no problem with stored cleartext passwd

 

example ;

mysql> select * from users;
+---------+----------+----------------------------------+
| user_id | username | password                                                    |
+---------+----------+----------------------------------+
|       1 | murat          | password                                                     |
|       4 | test1           | 2ac9cb7dc02b3c0083eb70898e549b63     |
+---------+----------+----------------------------------+

store procedure with cleartext ;  ( murat user is  working at auth.)

DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEAuthUserPlainReturnsRecordset`(username varchar(64), password varchar(255))
begin
IF EXISTS (select * from users where users.username = username and users.password = password.) THEN
select 0,11,'This is a very good user, give him all access','no error';
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //

store procedure with md5 ; (test1 user not working)

DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEAuthUserPlainReturnsRecordset`(username varchar(64), password varchar(255))
begin
IF EXISTS (select * from users where users.username = username and users.password = md5(password)) THEN
select 0,11,'This is a very good user, give him all access','no error';
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //

 

 

1 Reply 1

murat001
Level 4
Level 4
hello again
second store procedure worked when i write md5 upper case and basic authentication (PAP) provided.
But i need the PEAP(mschapv1/2) Auth, thats why i need change the following store procedure "ISEFetchPasswordReturnsRecordset".
how can i make a change this the query for hashed password verification.?
do you have any experience?
Thanks...

DELIMITER //
CREATE DEFINER=`root`@`localhost` PROCEDURE `ISEFetchPasswordReturnsRecordset`(username varchar(64))
begin
IF EXISTS (select * from users where users.username = username ) THEN
select 0,11,'This is a very good user, give him all access','no error', password from users where users.username = username;
ELSE
select 3, 0, 'odbc','ODBC Authen Error';
END IF;
end //