On 07/07/11 09:51, Equin Nix wrote:
Hi,
I am trying to set up something very basic (at least from my point of view): I would like to have a User with multiple passwords (two actually). How would I do this? I tried the following:
/alice Auth-Type=Local, Cleartext-Password := "test1" alice Auth-Type=Local, Cleartext-Password := "test2"/
Do not set Auth-Type. It's almost always wrong, and is certainly wrong in this case. It might be possible to have >1 password; but it will probably only work for PAP requests, unless you play carefully with module failover. It also probably won't work in the "users" file; this is because the "User-Password" attribute is handled specially here, as a compatibility synonym for Cleartext-Password. You could try something like this - define a second password attribute in raddb/dictionary: ATTRIBUTE Cleartext-Password2 3002 string ...then set both in the "users" file: alice Cleartext-Password := "foo", Cleartext-Password2 := "bar" ...then use unlang to perform the comparisons in sites-enabled/default: authorize { ... # read the passwords from "files" files # compare them if ((User-Password != control:Cleartext-Password) && \ (User-Password != control:Cleartext-Password2)) { reject } # probably need to set Auth-Type := Accept here update control { Auth-Type := Accept } } If you want to do this with requests that aren't PAP e.g. CHAP, MSCHAP/PEAP etc. then it will be much harder.