On Fri, May 09, 2008 at 08:17:25PM +0100, Yago Fdez. Hansen wrote:
> On 9/5/2008, "Yago Fdez. Hansen" <[EMAIL PROTECTED]> wrote:
> >Hi everybody:
> >
> >I am installing a lab test server with Freeradius 2.0.4 with all
> >the authentication installed: CHAP, PAP, EAP and authorization over
> >MySQL, users, system, and LDAP.
> >
> >I installed it in the last few days and I have everything working
> >now, but as I was testing it, I could notice a bug. I created
> >users in every DB and file all of them with own password and user
> >entries. When I was testing with radtest ALL worked fine, but I
> >noticed that ONLY with PAP authentication and MySQL user it doesn't
> >matter if I put a clear password in radtest larger than the original
> >one I get an Access-Accept message.
> >
> >Example:
> >
> >radtest papsqluser papsecret localhost 0 testing123
> >Access-Accept
> >
> >radtest papsqluser papsecret43343 localhost 0 testing123
> >Access-Accept
> >
>
> mysql> select * from radcheck
>     -> ;
> +----+-------------+----------------+----+---------------+
> | id | username    | attribute      | op | value         |
> +----+-------------+----------------+----+---------------+
> |  1 | Chapsqluser | User-Password  | == | chapsecret    |
> |  2 | Chapsqluser | Auth-Type      | := | Local         |
> |  3 | Papsqluser  | Crypt-Password | == | /gTPHauHkNjWE |
> |  4 | Papsqluser  | Auth-Type      | := | Crypt-Local   |
> +----+-------------+----------------+----+---------------+
> 4 rows in set (0.00 sec)

The DES crypt algorithm only deals with the first 8 characters of the
password. No bug, working as designed.

--
Scott Lambert    KC5MLE    Unix SysAdmin
[EMAIL PROTECTED]

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
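
The 8-character limit described in the reply, as an added example that is not part of the original thread and not FreeRADIUS code: it derives the key bytes traditional DES crypt reads from a password, so the two radtest passwords can be compared, and flags radcheck rows whose Crypt-Password is in DES format. The function names are hypothetical; the rows are copied from the table quoted in the thread.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars, all from [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}


def des_crypt_key(password: str) -> bytes:
    """Return the 8 key bytes traditional DES crypt derives from a password.

    Only the first 8 bytes are read, and only the low 7 bits of each;
    shorter passwords are zero-padded. Anything past byte 8 is ignored.
    """
    raw = password.encode("utf-8")[:8].ljust(8, b"\0")
    return bytes((b & 0x7F) << 1 for b in raw)


def classify_crypt_hash(value: str) -> str:
    """Name the crypt(3) scheme of a stored Crypt-Password value."""
    if DES_CRYPT_RE.match(value):
        return "des-crypt"
    m = re.match(r"^\$([0-9a-z]+)\$", value)
    if m:
        return MODULAR_IDS.get(m.group(1), "modular:" + m.group(1))
    return "unknown"


def truncating_accounts(rows):
    """Usernames whose Crypt-Password is DES crypt (8-character limit)."""
    return sorted({user for user, attr, value in rows
                   if attr == "Crypt-Password"
                   and classify_crypt_hash(value) == "des-crypt"})


# Rows copied from the radcheck table quoted in the thread.
RADCHECK = [
    ("Chapsqluser", "User-Password", "chapsecret"),
    ("Chapsqluser", "Auth-Type", "Local"),
    ("Papsqluser", "Crypt-Password", "/gTPHauHkNjWE"),
    ("Papsqluser", "Auth-Type", "Crypt-Local"),
]

if __name__ == "__main__":
    # "papsecret" and "papsecret43343" share their first 8 characters.
    for pw in ("papsecret", "papsecret43343", "papsecre", "papsecrX"):
        print(f"{pw!r:18} -> key {des_crypt_key(pw).hex()}")
    print("DES-crypt accounts:", truncating_accounts(RADCHECK))
```

Accounts this reports only have 8 significant password characters; storing the password with one of the `$id$` schemes removes that limit.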