| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Back To MAN Pages From BackTrack 5 R1 Master List
When a RADIUS packet contains a clear-text password in the form of a
User-Password attribute, the rlm_pap module may be used for
authentication. The module requires a "known good" password, which it
uses to validate the password given in the RADIUS packet. That "known
good" password must be supplied by another module
(e.g. rlm_files, rlm_ldap, etc.), and is usually taken
from a database.
The only relevant configuration item is:
This module understands many kinds of password hashing methods, as
given by the following table.
The module tries to be flexible when handling the various password
formats. It will automatically handle Base-64 encoded data, hex
strings, and binary data, and convert them to a format that the server
can use.
It is important to understand the difference between the User-Password
and Cleartext-Password attributes. The Cleartext-Password attribute
is the "known good" password for the user. Simply supplying the
Cleartext-Password to the server will result in most authentication
methods working. The User-Password attribute is the password as typed
in by the user on their private machine. The two are not the same,
and should be treated very differently. That is, you should generally
not use the User-Password attribute anywhere in the RADIUS
configuration.
For backwards compatibility, there are old configuration parameters
which may be work, although we do not recommend using them.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast