rlm_pap code tidy

Matthew Newton mcn4 at leicester.ac.uk
Wed Oct 3 18:53:42 CEST 2012


On Sat, Sep 29, 2012 at 06:58:00AM +0200, Alan DeKok wrote:
> Matthew Newton wrote:
> > As another thought, maybe rlm_pap should now also refuse to auth
> > against a password in User-Password? I moved the warning over from
> > auth.c, but pap still allows it to work. 3.0 would seem to be a
> > good place to finally break this.
>   It's probably a good idea.  Doing the User-Password thing breaks many
> authentication types.  It's time to NOT be backwards compatible with 10+
> years of stupidity.
>   Cleartext-Password has been around since 1.1.3.  It's time people used it.

On this basis, I've made a new patch which removes User-Password
checking from rlm_pap auth entirely, and moves the warning from
auth back to the autz (but then fails auth).

> > I guess it's a balance between forcing the Right Thing, and the
> > number of questions on freeradius-users... although I guess they
> > will be many when 3.0 is released anyway.
>   Hopefully the documentation will be clear on the subject.  See
> raddb/README.md.  It explains the upgrade process.

There's also a patch which adds a warning to the documentation
that User-Password should be updated to Cleartext-Password.

Both at https://github.com/mcnewton/freeradius-server/commits/rlm_pap_tidy



Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Devel mailing list