EAP, Cleartext-Password & rlm_perl

Phil Mayers p.mayers at imperial.ac.uk
Fri May 23 13:34:05 CEST 2014


On 23/05/14 12:06, Ryan De Kock wrote:

> So the perl script has access to "Cleartext-Password" thanks to GTC I
> think but I cant log it in perl. The script literally only does this
> currently

I think you have misunderstood how this all works.

"Cleartext-Password" is a *control* item that you set, by lookup in 
files/ldap/sql.

It isn't sent by the client.

*If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or 
PEAP/GTC - then the password the clients sends will, in the right packet 
in the inner-tunnel, be in the "User-Password" attribute.

And as Alan points out, EAP methods are decided by the client.


More information about the Freeradius-Users mailing list