Matthew Newton wrote:
As another thought, maybe rlm_pap should now also refuse to auth against a password in User-Password? I moved the warning over from auth.c, but pap still allows it to work. 3.0 would seem to be a good place to finally break this.
It's probably a good idea. Doing the User-Password thing breaks many authentication types. It's time to NOT be backwards compatible with 10+ years of stupidity. Cleartext-Password has been around since 1.1.3. It's time people used it.
I guess it's a balance between forcing the Right Thing, and the number of questions on freeradius-users... although I guess they will be many when 3.0 is released anyway.
Hopefully the documentation will be clear on the subject. See raddb/README.md. It explains the upgrade process. Alan DeKok.