OK, another 6 hours of digging and putzing have given me what I want (although not necessarily the way I originally wanted), and I figured I'd post it here for posterity (and hopefully so it'll be indexed by Google in case anyone else is looking to do the same).
I couldn't get it to work with rlm_password (for some reason it just didn't recognize the entries I had in there, perhaps I had the format wrong?) but I was able to get it working using the Crypt-Password attribute in the regular users file (I find it strange that there wasn't an example of this in the comments of the file - perhaps this is something that should be included in the next version, so the keyword is at least visible to those that bother reading the examples?). I discovered it in the archives from 6 months ago (URL: http://lists.freeradius.org/pipermail/freeradius-users/2003-July/020900.html ). Now my user password file contains entries like this: bad Auth-Type := System, Crypt-Password == "$1$37l.BBR2$bcYRkPw.bkkTAz3gkjsZZ1" Where "bad" is the user and "$1$37l.BBR2$bcYRkPw.bkkTAz3gkjsZZ1" is the md5 of "password" On a side note, I was also unable to discover anything different between Auth-Type := System and Auth-Type := Local. I grep'd the source code quickly saw just this: include/radius.h:228:#define PW_AUTHTYPE_SYSTEM 1 Is this a (presently) unused feature? I'll read the RFCs sometime tomorrow to see if they explain a difference. Hope this helps anyone else out there looking to do something similar. -Phil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html