29 Mar
2008
29 Mar
'08
9:52 a.m.
Somebody please tell me where I should be looking to make this work correctly.
It doesn't work because the PAP module isn't doing anything. The PAP module *should* be taking the crypt'd password, and doing something useful with it. (See "man rlm_pap")
I don't have a copy of 2.0.3 handy, but this looks like a bug to me at ~line 383 of rlm_pap.c: case PW_PROXY_TO_REALM: { REALM *realm = realm_find(vp->vp_strvalue); if (realm && !realm->auth_pool) { return RLM_MODULE_NOOP; } break; } Shouldn't that be: if (realm && realm->auth_pool) i.e. if the realm is known/real *and* has servers i.e. isn't local, then no-op?