OK, So I see there is a preprocess module that says you can manipulate attributes:
# The preprocess module takes care of sanitizing some bizarre
# attributes in the request, and turning them into attributes
# which are more standard.
so I added the following:
if (User-Password =~ /^(.+)([0-9]{6})$/) {
update request {
User-Password = "%{1}"
Some-PIN-Attr = "%{2}"
}
}
Although it did not trim the password and returned Access_Reject (I also saw from the debug that the 6 digit number had not been trimmed) , so I also attempted to add this to the ntlm_auth module with the same result, I am really at a loss here..