Hello. I've upgraded to 3.0.15 from 2.X and now I have a problem with pap authorization. My users saved in a MySQL with an attribute md5. But, from Cisco ASA I receive header User-Password. In a source code I've found next strings: case PW_USER_PASSWORD: /* deprecated */ RWDEBUG("!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); RWDEBUG("!!! Ignoring control:User-Password. Update your !!!"); RWDEBUG("!!! configuration so that the \"known good\" clear text !!!"); RWDEBUG("!!! password is in Cleartext-Password and NOT in !!!"); RWDEBUG("!!! User-Password. !!!"); RWDEBUG("!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"); break; Okay. I've found a workaround with unlang and paste it to "authorize" section: if (!control:Cleartext-Password && control:User-Password) { update control { Cleartext-Password := "%{control:User-Password}" } } But it doesn't work. How can I save an encrypted password in MySQL and delete header User-Password which I receive from Cisco ASA (I can't modify software on the Cisco side)? -- Best regards, Anton Kiryushkin