MS-CHAPv2 password change implementation

Phil Mayers p.mayers at imperial.ac.uk
Tue Apr 19 16:57:43 CEST 2011


All,

I have spent the last few days writing the code to allow rlm_mschap and 
rlm_eap_mschapv2 to support password changes.

Rather than slinging tarballs around, the patches are in a branch here:


https://github.com/philmayers/freeradius-server/tree/v2.1.x-mschap-changepass


It basically works for me; I've tried it with a Windows XP client on a 
wired 802.1x port, but it needs extensive testing given the scope of the 
changes. It supports both password changes via samba/ntlm_auth and also 
locally if you have NT-Password/Cleartext-Password.

I've tried to split the patches up into logical units, which should make 
the review easier.

Particularly, the first patch in the set interferes with src/main/exec.c 
so that we can re-use the code to open a process with a pipe on both 
stdin and stdout. This change will need very careful review.

Testing and comments are very welcome, but I'll be offline for most of 
the next two weeks enjoying the weather!

Cheers,
Phil



More information about the Freeradius-Users mailing list