Currently with FreeRADIUS 1.0.5, if you want to do DIGEST authentication, the password has to be in clear text form. Digest authentication is the only way to use FreeRADIUS as authentication backend of a SIP proxy, such as SER or Asterisk. This patch [http://bugs.freeradius.org/show_bug. cgi?id=287] from Philippe Sultan enable one to store hashed value (HA1 value per RFC2617) instead of clear text password in database. He also has a page [http://www-rocq.inria.fr/who/ Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html] with more detailed explanation. I didn't attach a modified freeradius-1.0.5-whole-archive-gentoo.patch here for two reasons: 1. Philippe might update his patch later. 2. One can simply append his patch to freeradius-1.0.5-whole-archive-gentoo.patch (maybe with a few changes to the file name? I am not sure), and be done with it. I think this might help people running FreeRADIUS on Gentoo before FreeRADIUS release a version containing the patch. Reproducible: Always Steps to Reproduce: 1. 2. 3.
solved in freeradius-1.0.5-r1. it is controlled by frxp useflag; you should enable it before merging the new freeradius.