Adding Cleartext-Password for EAP requests (new module development)

Suneth Kariyawasam sunethnk at
Wed Aug 11 15:57:27 CEST 2021

Hi Alan,

Thank you for the swift response,

During authorization, my module knows the Cleartext-Password user has
submitted to send towards OpenIAM, Is there a way to add that to the


On Wed, Aug 11, 2021 at 7:24 PM Alan DeKok <aland at>

> On Aug 11, 2021, at 9:51 AM, Suneth Kariyawasam <sunethnk at>
> wrote:
> >
> > I am trying to develop a freeradius module for authorization with OpenIAM
> > and the module works fine with PAP and EAP-TTLS with PAP. Is there a way
> to
> > decode the EAP packet and access the User-Password attributes within the
> > mod_authorize method of my module or using an unlang policy?
>   No.  It's impossible.
> > Currently, EAP-TTLS wth PAP only woks because when the request is
> tunneled
> > eap_ttls copy all attributes but with MS-CHAP and others are not working
> > due to missing Cleartext-Password.
>   Yes.  It's impossible to get the clear-text password from MS-CHAP.
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Devel mailing list