PAP questions.

[Phil Mayers]

> So I guess I missed something completely or its not possible to have
> a username ONLY listed in Radcheck with Crypt-Password and authenticate
> that user?
> 
> Does the username really need to be be in both the UserGroup table and
> Radcheck table for a crypt-password method to work?

No, it's got nothing to do with the specifics of the tables they're in, 
just the specific of what config items are added by the modules (in this 
case SQL). Obviously if you remove the user from the group which is 
setting Auth-Type to the right value, it will stop working. The user has 
to have Auth-Type set to an appropriate value to execute an appropriate 
module.

The "Local" auth-type is effectively a kind of built-in pap module with 
some kind of odd heuristic guessing of what type of auth to do, where to 
get the passwords from, and so forth. You are much better off in my 
opinion using the pap module.

Auth-Type being Local does not do that.

Auth-Type being "PAP" and a section in authenticate like:

authenticate {
   Auth-Type PAP {
     pap
   }
}

...does