attribute Password in an Access-Reject packet

Alan DeKok aland at
Mon Feb 13 18:56:33 CET 2006

Susana Macias <susana_macias12 at> wrote:
> Yes, but in the RFC says that the User-Password
> attribute "is only used in Access-Request packets".
> However I have been able to send it in an
> Access-Accept packet (this is why I asked)

  It's not a good idea to send passwords in Access-Accept.

  Technically, the RFC's should have forbidden that, too.

> And is there any form to send Password instead
> User-Password?

  The names are unimportant.  They both refer to the same attribute:
number 2.  The names are used only by the server.  See "man
dictionary" for details.

  Perhaps you could explain why you're sending the password in
response packets, and why you think it's useful.

  Alan DeKok.

More information about the Freeradius-Users mailing list