18 May
2011
18 May
'11
11:33 a.m.
Brian Candler wrote:
Has anyone made a patch to rlm_pap and rlm_chap so that it supports multiple instances of Cleartext-Password? The idea would be to succeed if the incoming request matches any one of them.
My $0.02 is to use rlm_perl, and do the password comparison yourself.
(This could be helpful for a migration where a user could be logging in with one of several variants of the password in the database)
I see how that's useful, but that kind of thing worries me a lot. It can be used/abused in many ways. I could see the code going in for 3.0, but only in a way where it takes work to enable it. Otherwise, most people using it will get it wrong. Alan DeKok.