Multiple Cleartext-Password?
Alan DeKok
aland at deployingradius.com
Wed May 18 17:33:01 CEST 2011
Brian Candler wrote:
> Has anyone made a patch to rlm_pap and rlm_chap so that it supports multiple
> instances of Cleartext-Password? The idea would be to succeed if the
> incoming request matches any one of them.
My $0.02 is to use rlm_perl, and do the password comparison yourself.
> (This could be helpful for a migration where a user could be logging in with
> one of several variants of the password in the database)
I see how that's useful, but that kind of thing worries me a lot. It
can be used/abused in many ways.
I could see the code going in for 3.0, but only in a way where it
takes work to enable it. Otherwise, most people using it will get it wrong.
Alan DeKok.
More information about the Freeradius-Devel
mailing list