All password checks disabled... ugh
Alan DeKok
aland at deployingradius.com
Tue Apr 15 22:42:17 CEST 2014
Stefan Winter wrote:
>> Found that it is set in config. My pap module config is really minimal:
>> pap {
>> auto_header = no
The auto_header directive has been removed in v3. The User-Password
is now always just the password. The Password-With-Header attribute
should contain the header.
> Might do. Meanwhile, one of the mini things I found while chasing ghosts
> is that my "files" instance separates the username and the NT-Password
> := ABCDFOO with *spaces*, while the doc says it need to be tabs.
Both spaces and tabs are accepted. The "users" file parsing code
hasn't changed in v3.
> My theory is that it might have matched line 22, but not actually picked
> up the password; and then by some dubious assumption concluded "nothing
> to check, so Accept"?
No. If there's no Cleartext-Password, it should default to rejecting
the request.
> This doesn't explain why other clients on the same virtual server do
> check the NT-Password. Oh well.
No idea.
Alan DeKok.
More information about the Freeradius-Devel
mailing list