rlm_pap code tidy

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Oct 3 19:04:02 CEST 2012


On 3 Oct 2012, at 11:53, Matthew Newton <mcn4 at LEICESTER.AC.UK> wrote:

> Hi,
> 
> On Sat, Sep 29, 2012 at 06:58:00AM +0200, Alan DeKok wrote:
>> Matthew Newton wrote:
>>> As another thought, maybe rlm_pap should now also refuse to auth
>>> against a password in User-Password? I moved the warning over from
>>> auth.c, but pap still allows it to work. 3.0 would seem to be a
>>> good place to finally break this.
>> 
>>  It's probably a good idea.  Doing the User-Password thing breaks many
>> authentication types.  It's time to NOT be backwards compatible with 10+
>> years of stupidity.
>> 
>>  Cleartext-Password has been around since 1.1.3.  It's time people used it.
> 
> On this basis, I've made a new patch which removes User-Password
> checking from rlm_pap auth entirely, and moves the warning from
> auth back to the autz (but then fails auth).
> 
>>> I guess it's a balance between forcing the Right Thing, and the
>>> number of questions on freeradius-users... although I guess they
>>> will be many when 3.0 is released anyway.
>> 
>>  Hopefully the documentation will be clear on the subject.  See
>> raddb/README.md.  It explains the upgrade process.
> 
> There's also a patch which adds a warning to the documentation
> that User-Password should be updated to Cleartext-Password.
> 
> Both at https://github.com/mcnewton/freeradius-server/commits/rlm_pap_tidy

Patch looks good, pull request?

-Arran


More information about the Freeradius-Devel mailing list