rlm_pap code tidy
Matthew Newton
mcn4 at leicester.ac.uk
Wed Oct 3 18:53:42 CEST 2012
Hi,
On Sat, Sep 29, 2012 at 06:58:00AM +0200, Alan DeKok wrote:
> Matthew Newton wrote:
> > As another thought, maybe rlm_pap should now also refuse to auth
> > against a password in User-Password? I moved the warning over from
> > auth.c, but pap still allows it to work. 3.0 would seem to be a
> > good place to finally break this.
>
> It's probably a good idea. Doing the User-Password thing breaks many
> authentication types. It's time to NOT be backwards compatible with 10+
> years of stupidity.
>
> Cleartext-Password has been around since 1.1.3. It's time people used it.
On this basis, I've made a new patch which removes User-Password
checking from rlm_pap auth entirely, and moves the warning from
auth back to the autz (but then fails auth).
> > I guess it's a balance between forcing the Right Thing, and the
> > number of questions on freeradius-users... although I guess they
> > will be many when 3.0 is released anyway.
>
> Hopefully the documentation will be clear on the subject. See
> raddb/README.md. It explains the upgrade process.
There's also a patch which adds a warning to the documentation
that User-Password should be updated to Cleartext-Password.
Both at https://github.com/mcnewton/freeradius-server/commits/rlm_pap_tidy
Cheers,
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Devel
mailing list