Re: lower_pass = after problems
Mike Lampson [EMAIL PROTECTED] wrote: Both. The after thing runs the packet through the server twice, which is problematic. The lower_pass thing can be done in a module. I would urge you *not* to do this. We SHA1 encrypt our lowercased, MySQL-stored passwords. We then lowercase the incoming password from the authentication request before the PAP module SHA1-encodes it for comparison. I would rather not process the incoming authentication request through an additional module prior to performing the authentication. Whether it's done in the server core or another module is irrelevant to CPU time and memory. The problem is that the server core shouldn't have atrocious hacks like this in it. That functionality already exists in the module infrastructure, in a more stable and more configurable form. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: lower_pass = after problems
Alan DeKok wrote: Federico Giannici [EMAIL PROTECTED] wrote: I have noticed that the lower_pass = after configuration command is implemented simply executing a second time the entire sequence of authorization/authentication operations. Yes. The feature is a hack, and should be removed from the server. Similarly, the lower_user feature should also be deleted. Hummm... Do you want to remove only the after option (the real hack) or the entire command? I'd like to know this so, in the latter case, I'll have to implement this functionality in our custom module I'm writing... Thanks. -- ___ __ |- [EMAIL PROTECTED] |ederico Giannici http://www.neomedia.it ___ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: lower_pass = after problems
Federico Giannici [EMAIL PROTECTED] wrote: I have noticed that the lower_pass = after configuration command is implemented simply executing a second time the entire sequence of authorization/authentication operations. Yes. The feature is a hack, and should be removed from the server. Similarly, the lower_user feature should also be deleted. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html