Adding Cleartext-Password for EAP requests (new module development)

Alan DeKok aland at
Wed Aug 11 15:53:53 CEST 2021

On Aug 11, 2021, at 9:51 AM, Suneth Kariyawasam <sunethnk at> wrote:
> I am trying to develop a freeradius module for authorization with OpenIAM
> and the module works fine with PAP and EAP-TTLS with PAP. Is there a way to
> decode the EAP packet and access the User-Password attributes within the
> mod_authorize method of my module or using an unlang policy?

  No.  It's impossible.

> Currently, EAP-TTLS wth PAP only woks because when the request is tunneled
> eap_ttls copy all attributes but with MS-CHAP and others are not working
> due to missing Cleartext-Password.

  Yes.  It's impossible to get the clear-text password from MS-CHAP.

   Alan DeKok.

More information about the Freeradius-Devel mailing list