Multiple Cleartext-Password?

Alan DeKok aland at
Wed May 18 17:33:01 CEST 2011

Brian Candler wrote:
> Has anyone made a patch to rlm_pap and rlm_chap so that it supports multiple
> instances of Cleartext-Password?  The idea would be to succeed if the
> incoming request matches any one of them.

  My $0.02 is to use rlm_perl, and do the password comparison yourself.

> (This could be helpful for a migration where a user could be logging in with
> one of several variants of the password in the database)

  I see how that's useful, but that kind of thing worries me a lot.  It
can be used/abused in many ways.

  I could see the code going in for 3.0, but only in a way where it
takes work to enable it.  Otherwise, most people using it will get it wrong.

  Alan DeKok.

More information about the Freeradius-Devel mailing list