George C. Kaplan wrote:
Phil Mayers wrote:
I'll try to give an example. Suppose you had two entries, using '=='
for the same user:
plong Auth-Type = Local, User-Password == "126"
plong Auth-Type = Local, User-Password == "123"
Then, if 'plong' supplies the password "123", the 'files' module
(which processes the 'users' file) will select the second entry, then
the authentication module will compare the passwords in the request
and config items, and the user will be accepted.
Hmm. So it does. I didn't think the server behaved that way. It does not
seem terribly consistent.
OK, now *I'm* confused. What's inconsistent about the above behavior?
I was referring to the use of the == versus := operator against
User-Password being inconsistent:
== compares THERE AND THEN the "request" User-Password to the
right-hand-side of the operator. It will only ever work for PAP
requests, not CHAP, MS-CHAP, digest, etc.
:= sets the config/check User-Password to the right hand side of the
operator. The authorize section completes, then authenticate is run, and
the server uses the password in the config items to check the password
in the request items - this will work for all authentication types.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html