rlm_pap code tidy
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Oct 3 19:04:02 CEST 2012
On 3 Oct 2012, at 11:53, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:
> Hi,
>
> On Sat, Sep 29, 2012 at 06:58:00AM +0200, Alan DeKok wrote:
>> Matthew Newton wrote:
>>> As another thought, maybe rlm_pap should now also refuse to auth
>>> against a password in User-Password? I moved the warning over from
>>> auth.c, but pap still allows it to work. 3.0 would seem to be a
>>> good place to finally break this.
>>
>> It's probably a good idea. Doing the User-Password thing breaks many
>> authentication types. It's time to NOT be backwards compatible with 10+
>> years of stupidity.
>>
>> Cleartext-Password has been around since 1.1.3. It's time people used it.
>
> On this basis, I've made a new patch which removes User-Password
> checking from rlm_pap auth entirely, and moves the warning from
> auth back to the autz (but then fails auth).
>
>>> I guess it's a balance between forcing the Right Thing, and the
>>> number of questions on freeradius-users... although I guess they
>>> will be many when 3.0 is released anyway.
>>
>> Hopefully the documentation will be clear on the subject. See
>> raddb/README.md. It explains the upgrade process.
>
> There's also a patch which adds a warning to the documentation
> that User-Password should be updated to Cleartext-Password.
>
> Both at https://github.com/mcnewton/freeradius-server/commits/rlm_pap_tidy
Patch looks good, pull request?
-Arran
More information about the Freeradius-Devel
mailing list