Provided by: freeradius-common_3.2.0+dfsg-1_all bug


       rlm_digest - FreeRADIUS Module


       The  rlm_digest  module authenticates RADIUS Access-Request packets that contain Cisco SIP
       digest authentication attributes.  The module  should  be  listed  in  the  authorize  and
       authenticate sections of radiusd.conf.


       The  digest  module  requires no additional configuration items.  When it is being used to
       authenticate requests, however, it does require access to the clear-text password for  the
       user.  Hashed passwords are not acceptable, and will not work.


       Add the following lines to the top of your 'raddb/users' file:

       test Auth-Type := Digest, User-Password = "test"
            Reply-Message = "Hello, test with digest"

       Once  the  server has been started (debugging mode is recommended), use 'radclient to send
       the following packet to the server:

       $  radclient -f digest localhost auth testing123

       Where 'digest' is a file containing:

         User-Name = "test",
         Digest-Response = "631d6d73147add2f9e437f59bbc3aeb7",
         Digest-Realm = "testrealm",
         Digest-Nonce = "1234abcd",
         Digest-Method = "INVITE",
         Digest-URI = "",
         Digest-Algorithm = "MD5",
         Digest-User-Name = "test",
         Message-Authenticator = ""

       You should see the authentication succeed.


       authorize, authenticate


       /etc/freeradius/3.0/radiusd.conf, draft-sterman-aaa-sip-00.txt


       Alan DeKok <>

                                          31 March 2005                             rlm_digest(5)