All password checks disabled... ugh
Stefan Winter
stefan.winter at restena.lu
Thu Apr 17 09:17:16 CEST 2014
Hi,
> The auto_header directive has been removed in v3. The User-Password
> is now always just the password. The Password-With-Header attribute
> should contain the header.
Well, it exists as documentation / sample config piece in 3.0.2's
radds/mods-avilable/pap.
Not that I care; I don't use that functionality. But if it has been
removed, the docs shouldn't talk about it any more.
But seriously... this is just a side issue. I'm MUCH more concerned
about proxy-to-vserver requests behaving very strangely, to the extent
of defaulting to Accept.
Any news on that main issue?
Greetings,
Stefan Winter
>
>> Might do. Meanwhile, one of the mini things I found while chasing ghosts
>> is that my "files" instance separates the username and the NT-Password
>> := ABCDFOO with *spaces*, while the doc says it need to be tabs.
>
> Both spaces and tabs are accepted. The "users" file parsing code
> hasn't changed in v3.
>
>> My theory is that it might have matched line 22, but not actually picked
>> up the password; and then by some dubious assumption concluded "nothing
>> to check, so Accept"?
>
> No. If there's no Cleartext-Password, it should default to rejecting
> the request.
>
>> This doesn't explain why other clients on the same virtual server do
>> check the NT-Password. Oh well.
>
> No idea.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
>
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x8A39DC66.asc
Type: application/pgp-keys
Size: 3243 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140417/a808f9f1/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20140417/a808f9f1/attachment.pgp>
More information about the Freeradius-Devel
mailing list