Help: FreeRadius Users with multiple passwords
Duong Manh Truong
ngoahotanglongbk at gmail.com
Mon Nov 21 02:52:28 CET 2011
What i did is that: With each user (Uid) , i created multiple "userpassword
then, while authenticating, OpenLDAP will compare the input password with
all the created password values --one by one
If the input matched any one of the created pass => Access - Accept
I also know that my scenario is somehow strange and not good, but it is
really what i need!
My policy is : with 1 user, just sends one pass in the "password pool" for
his authentication becoming successfully
(Access - Accept)
Vào 22:31 Ngày 18 tháng 11 năm 2011, John Dennis <jdennis at redhat.com> đã
On 11/18/2011 06:20 AM, Duong Manh Truong wrote:
>> Thanks for your reply :)
>> I have a better news that: By using OpenLDAP for FR Authen & Authorization
>> => I can configure multiple passwords for each user (Uid)
>> and use 1 of those passwords for successfully Authentication!
>> Although it is done manually now, but somehow it solves the matter !
>> If anyone have experienced this, please give some advices !
>> Example: How to do it automatically or
>> How to create a pool of passwords then use the pool for multiple users :)
> Not exactly sure what you did, ldap does have the concept of multi-valued
> attributes but that won't be of any use to you even if you set multiple
> values for one attribute type (e.g. name). Why? The radius server can only
> use one password for a user, not exactly sure what it will do if it get
> more than one back from ldap, I assume it just picks the first one (where
> first is probably non-deterministic).
> The bottom line is there must be a one-to-one mapping between users and
> passwords. User's should have just one password, this is good practice. If
> you want to write custom code you can bypass the limitation but really
> really don't want to do that.
> Accept it as a given, 1 user, 1 password
> Also please be courteous and trim your emails of non-relevant text.
> John Dennis <jdennis at redhat.com>
> Looking to carve out IT costs?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users