Usage of Cleartext-Password
I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the "Cleartext-Password" attribute instead of "User-Password" (my passwords are in clear-text). I simply replaced the following command at the end of the authorization routine of my module: pairadd( &request->config_items, pairmake("User-Password", password, T_OP_CMP_EQ) ); with: pairadd( &request->config_items, pairmake("Cleartext-Password", password, T_OP_CMP_EQ) ); But the daemon started to give "Login incorrect" errors (with no other error description), so I had to revert the change. What am I missing? Thanks. -- ___________________________________________________ __ |- giannici@neomedia.it |ederico Giannici http://www.neomedia.it ___________________________________________________
Federico Giannici wrote:
I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the "Cleartext-Password" attribute instead of "User-Password" (my passwords are in clear-text). ... But the daemon started to give "Login incorrect" errors (with no other error description), so I had to revert the change.
Did you list the "PAP" module last in the "authorize" section? The README, etc. says "go read the rlm_pap documentation". The changes are explained there. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Alan DeKok wrote:
Federico Giannici wrote:
I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the "Cleartext-Password" attribute instead of "User-Password" (my passwords are in clear-text). ... But the daemon started to give "Login incorrect" errors (with no other error description), so I had to revert the change.
Did you list the "PAP" module last in the "authorize" section?
Yes, I did.
The README, etc. says "go read the rlm_pap documentation". The changes are explained there.
I already read it. I understood that authorizations modules now have to add "Cleartext-Password" instead of "User-Password" in the "request->config_items". And so I did. What else? BTW, it seems to me that "standard" modules (like rlm_ldap) still use the now deprecated "User-Password" (PW_PASSWORD)... Thanks. -- ___________________________________________________ __ |- giannici@neomedia.it |ederico Giannici http://www.neomedia.it ___________________________________________________
SOLVED! In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with "User-Password"...). Bye. Federico Giannici wrote:
Alan DeKok wrote:
Federico Giannici wrote:
I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the "Cleartext-Password" attribute instead of "User-Password" (my passwords are in clear-text). ... But the daemon started to give "Login incorrect" errors (with no other error description), so I had to revert the change. Did you list the "PAP" module last in the "authorize" section?
Yes, I did.
The README, etc. says "go read the rlm_pap documentation". The changes are explained there.
I already read it. I understood that authorizations modules now have to add "Cleartext-Password" instead of "User-Password" in the "request->config_items". And so I did. What else?
BTW, it seems to me that "standard" modules (like rlm_ldap) still use the now deprecated "User-Password" (PW_PASSWORD)...
Thanks.
-- ___________________________________________________ __ |- giannici@neomedia.it |ederico Giannici http://www.neomedia.it ___________________________________________________
Unfortunately it works with PAP only! With CHAP it gives me "rlm_chap: Clear text password not available"... Any suggestion? Thanks. Federico Giannici wrote:
SOLVED!
In pairmake() I was using T_OP_CMP_EQ instead of T_OP_EQ (it worked with "User-Password"...).
Bye.
Federico Giannici wrote:
Alan DeKok wrote:
Federico Giannici wrote:
I have just upgraded from 1.1.2. to 1.1.4. Now I tried to convert my custom authorization module to use the "Cleartext-Password" attribute instead of "User-Password" (my passwords are in clear-text). ... But the daemon started to give "Login incorrect" errors (with no other error description), so I had to revert the change. Did you list the "PAP" module last in the "authorize" section?
Yes, I did.
The README, etc. says "go read the rlm_pap documentation". The changes are explained there.
I already read it. I understood that authorizations modules now have to add "Cleartext-Password" instead of "User-Password" in the "request->config_items". And so I did. What else?
BTW, it seems to me that "standard" modules (like rlm_ldap) still use the now deprecated "User-Password" (PW_PASSWORD)...
Thanks.
-- ___________________________________________________ __ |- giannici@neomedia.it |ederico Giannici http://www.neomedia.it ___________________________________________________
On Sun, Feb 04, 2007 at 01:20:17PM +0100, Federico Giannici wrote:
Unfortunately it works with PAP only! With CHAP it gives me "rlm_chap: Clear text password not available"...
Any suggestion?
You may try to stick with User-Password for now, it's still recognized by rlm_pap. CVS version of rlm_chap already uses Cleartext-Password, so it's probably planned for v2.0. My guess is, that setting both User- and Cleartext-Password may work too. th.
participants (3)
-
Alan DeKok -
Federico Giannici -
Tomas Hoger