Questions regarding authentication systems and protocols to password types compatibility

Alan DeKok aland at
Fri Apr 20 13:28:29 CEST 2007

Reimer Karlsen-Masur, DFN-CERT wrote:
> Which freeradius modules can be used for the *simple password store*?
>   files (the users file)
>   unix
>   pam
>   ldap
>   sql (?)

  Not PAM.

> Could you please complete this list? Are these entries ending up in the
> authenticate or authorize or both sections of the freeradius config?

  Databases don't do authentication.  They do not get listed in the
"authenticate" section.

  As for completing the list, it really depends.  You can configure many
modules to add a clear-text password for the user.  Please read
radiusd.conf, and the documentation for examples.  I'm not going to
re-type all that here.

> How do I differ within the ldap module configuration if I do an ldap
> authentication via the *oracle* or if I *retrieve* (additional) attributes
> for a user like e.g. his password?

  See the documentation for the LDAP module.

> Is the difference that the 'ldap' entry shows up in the 'authenticate'
> section for attribute retrieval use  (plain password store) which I have
> configured here and believe to be working and in the 'authorize' section for
> oracle use?

  You have that completely backwards.

  Alan DeKok.
--       - The web site of the book - The blog

More information about the Freeradius-Users mailing list