Thanks Alan, I've read the manpage on rlm_pap. Regarding the User-Password attribute I understand that it is still support but we moved to using Cleartext-Password which is essentially the same. Regarding the other attributes like Crypt-Password or MD5-Password, the manpage says that these contain the crypted/md5 hashed form of the password. Does that mean that if I use those as the password attribute then in the database I'm supposed to use the MD5() function to encrypt the password I save there? This also brings me to another question, if I can encrypt like that a password in the database even for the Cleartext-Password (or the deprecated User-Password) attribute as the manpage also mentions that rlm_pap, if put last in the authorize section will try to decrypt the password. Do I understand this correctly? Regards, Liran. On 7/29/07, Alan DeKok <aland@deployingradius.com> wrote:
liran tal wrote:
I was wondering if someone can clearly explain the use of different Password attributes when they're used in a scenario where MySQL is involved.
The different password attributes have nothing to do with MySQL.
Put a clear-text password in MySQL, and let the server deal with different authentication protocols.
The basic case of User-Password is clear. When the attribute in the radcheck table is User-Password then it's value is the password in clear text and the op is ==
No. See the recent documentation in 1.1.5 and following. The attribute is Cleartext-Password, and the operator is :=.
What about Cleartext-Password? I've added this attribute with op of := and value password in clear text and used radtest as a test, and it results in just re-transmission of Access-Request queries, and basically not working.
See the FAQ for "it doesn't work". The FAQ, README, INSTALL, etc. all say to run the server in debugging mode.
What about Chap-Password, MD5-Password, SHA1-Password, what are their corresponding values and op like?
Read the documentation in "man rlm_pap", as suggested in the README.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html