cutting User-Passwords after 8 chars

Stefan Winter stefan.winter at
Tue Feb 28 16:51:16 CET 2006


while migrating some legacy auth to RADIUS, a problem has shown up with users 
that enter more than 8 chars as their password. The old system truncated the 
stored passwords after 8 chars, and if a user input more, his input as well 
got truncated. So, logging in with stored pass = "12345678" but entering 
"1234567890" worked.
Now, with a RADIUS mySQL backend, we copied the stored passwords from the 
legacy system. Unfortuntely, users now get a failed login if they try to 
input the longer version, since stored pw and input don't match (which is 
prerfectly okay from the RADIUS pov).

I solved (well, hacked) this by putting something in the hints file (yes, I 
really start to love hints - and blatantly plug: please incorporate bug 

DEFAULT    Client-IP-Address == X.Y.Z.A, User-Password =~ "(........)(.+)"
        User-Password := `%{1}`

and it works (phew!). Now my question is, is there some more elegant way which 
I have just overlooked, or is that it? I am aware that the most elegant way 
is to tell the users that things changed, but no.


Stefan Winter


RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
R&D Engineer

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at     Tel.:     +352 424409-1               Fax:      +352 422473

More information about the Freeradius-Users mailing list