Re: Issues with £ character in passwords
Alan DeKok
aland at deployingradius.com
Wed Feb 11 15:00:13 CET 2015
On Feb 11, 2015, at 8:46 AM, Mark Keyte <Mark.Keyte at lshtm.ac.uk> wrote:
> We have recently noticed that authentication is failing when users are
> using the £ sign character in their password (and also § found on
> macbook keyboards) - it seems to work fine with other characters -
> !"$%^123&*()_+-=[]{};'#:@~,./<>?\| for example.
i.e. ASCII.
The problem is a hard one to solve. The MS-CHAP standards don’t actually say what format the passwords should be in. So implementations have chosen different paths… not all of which are compatible.
> However as soon as I remove £ sign auth is working fine.
Exactly.
> It also works if you use £ rather than just the £ within the password
> when authing from a supplicant (tested with android & Windows)-
> suggesting some kind of encoding issue??.
It’s an encoding issue. FreeRADIUS tries to do the right thing, and has been tested with every supplicant out there. So it *should* work.
> Any thoughts would be appreciated.
Post some sample passwords to the list. The one that fails, and the one that works. As *hex* strings. Don’t just cut & paste the password. Mailers *will* modify the password. They won’t modify a hex string.
I’ll take a look and see if there’s an issue which can be fixed.
Alan DeKok.
More information about the Freeradius-Users
mailing list