cutting User-Passwords after 8 chars
Stefan Winter
stefan.winter at restena.lu
Tue Feb 28 16:51:16 CET 2006
Hello,
while migrating some legacy auth to RADIUS, a problem has shown up with users
that enter more than 8 chars as their password. The old system truncated the
stored passwords after 8 chars, and if a user input more, his input as well
got truncated. So, logging in with stored pass = "12345678" but entering
"1234567890" worked.
Now, with a RADIUS mySQL backend, we copied the stored passwords from the
legacy system. Unfortuntely, users now get a failed login if they try to
input the longer version, since stored pw and input don't match (which is
prerfectly okay from the RADIUS pov).
I solved (well, hacked) this by putting something in the hints file (yes, I
really start to love hints - and blatantly plug: please incorporate bug
#335):
DEFAULT Client-IP-Address == X.Y.Z.A, User-Password =~ "(........)(.+)"
User-Password := `%{1}`
and it works (phew!). Now my question is, is there some more elegant way which
I have just overlooked, or is that it? I am aware that the most elegant way
is to tell the users that things changed, but no.
Greetings,
Stefan Winter
--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
R&D Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
More information about the Freeradius-Users
mailing list