EAP, Cleartext-Password & rlm_perl
Ryan De Kock
ryandekock1988 at gmail.com
Fri May 23 13:41:04 CEST 2014
OK...Thanks my head feels better now.
So then if I could just ask one more question. Am I able to use sql to
authenticate users via eap? if so, is it possible to use a custom schema? I
just wondering because if I don't know the password of the user, how can I
authenticate it against sql?
On 23 May 2014 13:34, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 23/05/14 12:06, Ryan De Kock wrote:
>
> So the perl script has access to "Cleartext-Password" thanks to GTC I
>> think but I cant log it in perl. The script literally only does this
>> currently
>>
>
> I think you have misunderstood how this all works.
>
> "Cleartext-Password" is a *control* item that you set, by lookup in
> files/ldap/sql.
>
> It isn't sent by the client.
>
> *If* the client is doing a plaintext EAP inner - EAP-TTLS/PAP or PEAP/GTC
> - then the password the clients sends will, in the right packet in the
> inner-tunnel, be in the "User-Password" attribute.
>
> And as Alan points out, EAP methods are decided by the client.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140523/89752828/attachment-0001.html>
More information about the Freeradius-Users
mailing list