Santiago Balaguer García wrote:
Hi,
I want the 'san0001' user has two passwords. There is in my radcheck table:
Username | Attribute | op | value ------------------------------------ san0001 Password ?? santi1 san0001 Password ?? santi2
Which op value have to use (=, :=, +=, ==) ?
Multiple valid passwords for a single user is a bad idea for a host of reasons. On top of that the username field should be a unique primary key disallowing duplicates enforced by the SQL database. I have no clue what it means to query a username and get multiple rows back and I suspect the internal code would be confused by this as well (note I have not looked at the code in question, but I would suspect it would do one of two things, use the first row returned or fail with an error if multiple rows). The concept of iterating over multiple rows until a password finally works is so dubious I would be most surprised if it were coded this way (and if it was I'd consider it a bug and security flaw). The short answer is don't do this and don't expect the server to work this way. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/