FreeRADIUS 3.0 - Help with understanding op value for cleartext-password

Michael Schwartzkopff ms at
Wed Jul 6 13:10:32 CEST 2016

Am Mittwoch, 6. Juli 2016, 12:06:28 schrieb Ian Hiddleston:
> Hi all,
> I've got my server working ok, one thing that I'm curious about is why the
> op value for Cleartext-Password is ':=' rather than '==' ?
> As my google-fu appears to be lacking I figured I might as well ask the
> question.
> Thanks,
> Ian.

goole: man 5 users
bash: man 5 users

Attribute := Value
    Always matches as a check item, and replaces in the configuration items any   
   attribute of the same name. If no attribute of that name appears in the 
   request, then this attribute is added.
    As a reply item, it has an identical meaning, but for the reply items, 
    instead of the request items. 
Attribute == Value
    As a check item, it matches if the named attribute is present in the 
    request, AND has the given value.
    Not allowed as a reply item. 

if you use "==" the Cleartext-Password must be in the incomming RADIUS 
request. Very unlikely.

Mit freundlichen Grüßen,

Michael Schwartzkopff

[*] sys4 AG, +49 (89) 30 90 46 64, +49 (162) 165 0044
Schleißheimer Straße 26/MG, 80333 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Freeradius-Users mailing list