Santiago Balaguer García wrote:
Hi,
I want the 'san0001' user has two passwords. There is in my
radcheck table:
Username | Attribute | op | value
------------------------------------
san0001 Password ?? santi1
san0001 Password ?? santi2
Which op value have to use (=, :=, +=, ==) ?
Multiple valid passwords for a single user is a bad idea for a host of
reasons. On top of that the username field should be a unique primary
key disallowing duplicates enforced by the SQL database. I have no clue
what it means to query a username and get multiple rows back and I
suspect the internal code would be confused by this as well (note I have
not looked at the code in question, but I would suspect it would do one
of two things, use the first row returned or fail with an error if
multiple rows). The concept of iterating over multiple rows until a
password finally works is so dubious I would be most surprised if it
were coded this way (and if it was I'd consider it a bug and security flaw).
The short answer is don't do this and don't expect the server to work
this way.
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
