EAP, Cleartext-Password & rlm_perl
Phil Mayers
p.mayers at imperial.ac.uk
Fri May 23 13:34:05 CEST 2014
On 23/05/14 12:06, Ryan De Kock wrote:
> So the perl script has access to "Cleartext-Password" thanks to GTC I
> think but I cant log it in perl. The script literally only does this
> currently
I think you have misunderstood how this all works.
"Cleartext-Password" is a *control* item that you set, by lookup in
files/ldap/sql.
It isn't sent by the client.
*If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or
PEAP/GTC - then the password the clients sends will, in the right packet
in the inner-tunnel, be in the "User-Password" attribute.
And as Alan points out, EAP methods are decided by the client.
More information about the Freeradius-Users
mailing list