Hi,
I'm not sure if it's normal behavior or a bug ... but if my password is
test and I enter test123, the rlm_pap module says that my password is valid.
When I check the source code of rlm_pap.c, I see:
    if (strncmp((char *) passwd_item->strvalue,
                (char *) request->password->strvalue,
                passwd_item->length) != 0) {
            DEBUG("rlm_pap: Passwords don't match");
If I understand, they compare only the first "x" characters of the password
(where x = the length of the wanted password), so if the wanted password is
"test" then all passwords that begin with test will be accepted...
--
Joel Vandal
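
Added example (not part of the original post and not FreeRADIUS code): the length-limited comparison described above next to a form that requires equal lengths before comparing every byte. The function names pap_check_prefix and pap_check_exact and the sample passwords are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Comparison in the shape quoted from rlm_pap.c: only the first
 * stored_len bytes of the supplied password are examined. */
static int pap_check_prefix(const char *stored, size_t stored_len,
                            const char *supplied, size_t supplied_len)
{
    (void)supplied_len;             /* never consulted: that is the flaw */
    return strncmp(stored, supplied, stored_len) == 0;
}

/* Hardened form: lengths must be equal, then every byte is compared
 * with no early exit, so timing does not reveal where a mismatch is. */
static int pap_check_exact(const char *stored, size_t stored_len,
                           const char *supplied, size_t supplied_len)
{
    unsigned char diff = 0;
    size_t i;

    if (stored_len != supplied_len)
        return 0;
    for (i = 0; i < stored_len; i++)
        diff |= (unsigned char)stored[i] ^ (unsigned char)supplied[i];
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, based on the example in the post. */
    const char *stored = "test";
    const char *tries[] = { "test", "test123", "tes", "toast" };
    size_t i;

    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-8s prefix=%d exact=%d\n", tries[i],
               pap_check_prefix(stored, strlen(stored),
                                tries[i], strlen(tries[i])),
               pap_check_exact(stored, strlen(stored),
                               tries[i], strlen(tries[i])));
    return 0;
}
```

Only "test123" gets a different answer from the two functions: the prefix comparison accepts it, the exact comparison rejects it.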