Adding Cleartext-Password for EAP requests (new module development)
aland at deployingradius.com
Wed Aug 11 15:53:53 CEST 2021
On Aug 11, 2021, at 9:51 AM, Suneth Kariyawasam <sunethnk at gmail.com> wrote:
> I am trying to develop a freeradius module for authorization with OpenIAM
> and the module works fine with PAP and EAP-TTLS with PAP. Is there a way to
> decode the EAP packet and access the User-Password attributes within the
> mod_authorize method of my module or using an unlang policy?
No. It's impossible.
> Currently, EAP-TTLS wth PAP only woks because when the request is tunneled
> eap_ttls copy all attributes but with MS-CHAP and others are not working
> due to missing Cleartext-Password.
Yes. It's impossible to get the clear-text password from MS-CHAP.
More information about the Freeradius-Devel