Adding Cleartext-Password for EAP requests (new module development)

Suneth Kariyawasam sunethnk at gmail.com
Wed Aug 11 15:57:27 CEST 2021


Hi Alan,

Thank you for the swift response,

During authorization, my module knows the Cleartext-Password user has
submitted to send towards OpenIAM, Is there a way to add that to the
request.

Suneth.


On Wed, Aug 11, 2021 at 7:24 PM Alan DeKok <aland at deployingradius.com>
wrote:

> On Aug 11, 2021, at 9:51 AM, Suneth Kariyawasam <sunethnk at gmail.com>
> wrote:
> >
> > I am trying to develop a freeradius module for authorization with OpenIAM
> > and the module works fine with PAP and EAP-TTLS with PAP. Is there a way
> to
> > decode the EAP packet and access the User-Password attributes within the
> > mod_authorize method of my module or using an unlang policy?
>
>   No.  It's impossible.
>
> > Currently, EAP-TTLS wth PAP only woks because when the request is
> tunneled
> > eap_ttls copy all attributes but with MS-CHAP and others are not working
> > due to missing Cleartext-Password.
>
>   Yes.  It's impossible to get the clear-text password from MS-CHAP.
>
>    Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/devel.html


More information about the Freeradius-Devel mailing list