Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37625

Included PEAR Crypt_CHAP library uses obsolete mhash() code which breaks RADIUS auth support in some PHP 5.3 installs

    XMLWordPrintable

Details

    • Any
    • MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • MOODLE_23_STABLE, MOODLE_24_STABLE
    • MDL-37625-master
    • Hide

      Requirements

      1. a RADIUS server
      2. the PHP RADIUS extension installed and available on the web server of your Moodle testing site

      Testing steps

      1. log into your Moodle test site as a system administrator
      2. configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication
      3. enable and configure the RADIUS server plugin so that it communicates with your RADIUS server
      4. log out of the Moodle site
      5. attempt to log into the Moodle site using the credentials for a test user from the RADIUS server
      6. you should be able to successfully log in and have a new account created for you if you have never logged in with that user before
      Show
      Requirements a RADIUS server if you don't have one available you can setup one using FreeRADIUS – http://freeradius.org/ the PHP RADIUS extension installed and available on the web server of your Moodle testing site Testing steps log into your Moodle test site as a system administrator configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication enable and configure the RADIUS server plugin so that it communicates with your RADIUS server log out of the Moodle site attempt to log into the Moodle site using the credentials for a test user from the RADIUS server you should be able to successfully log in and have a new account created for you if you have never logged in with that user before

    Description

      The PHP mhash module is obsoleted by the hash module (the latter of which is a required extension for current Moodle installs).

      The Crypt_CHAP PEAR library that is currently included with Moodle uses mhash() calls which breaks on some PHP 5.3 installs due to the mhash extension not being available. This was a bug reported, fixed and released for this PEAR library in 2010.

      Note: It looks like Red Hat Linux does not even have the mhash module available for install but Debian-based distros do include it (even with PHP 5.4). This is output from my Debian workstation:

      • $ php --version
        PHP 5.4.4-12 (cli) (built: Jan 21 2013 10:32:30) 
        Copyright (c) 1997-2012 The PHP Group
        Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
            with Xdebug v2.2.1, Copyright (c) 2002-2012, by Derick Rethans
         
        $ php -m | grep hash
        hash
        mhash
        

      Attachments

        Issue Links

          Activity

            People

              jfilip Justin Filip
              jfilip Justin Filip
              Dan Poltawski Dan Poltawski
              Sam Hemelryk Sam Hemelryk
              David Monllaó David Monllaó
              Votes:
              5 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                11/Mar/13