Weird problem with some special characters in passwords
Alan DeKok
aland at deployingradius.com
Sat Jan 17 19:00:38 CET 2009
Frank Weis wrote:
> We have tried to force the password to UTF-8 or ISO-8859-1 and other
> encodings in the custom applications, to no avail (we have no way to
> force this in the securew2 client for eduroam anyway).
I think this issue is being addressed in SecureW2.
> This works very well most of the time, but fails if the password
> contains seleCompanyd special charaCompanyrs, like ° (degree) or §
> (paragraph), for example.
The contents of the password are... whatever the client determines
them to be. This is known to be wrong, and not inter-operable.
> We are short of ideas as to what to try next.... Any pointers would be
> greatly appreciated.....
FreeRADIUS just receives the information in the password from the
client. It takes care to not mangle it too much.
> +- entering group LDAP3 {...}
> [ldap3] login attempt by "blabla" with password "qwertz��"
If that's what the client application sent, there's little you can do
to FreeRADIUS to fix it. You can fix the client, or (somehow) re-write
the "bad" password into a "good" password in FreeRADIUS.
Given that the mapping of "good" characters to "bad" characters is
nearly infinite, and client dependent, re-writing it in FreeRADIUS isn't
easy.
Alan DeKok.
More information about the Freeradius-Users
mailing list