Hi, I'm not sure if it's a normal behavior or a bug ... but if my password is test and I enter test123, the rlm_pap module say that my password is valid.
When I check the source code of rlm_pap.c, I see : if (strncmp((char *) passwd_item->strvalue, (char *) request->password->strvalue, passwd_item->length) != 0){ DEBUG("rlm_pap: Passwords don't match"); If I understand, they compare only the first "x" characters of the password (where x = the length of the wanted password) then If the wanted password is "test" then all password that begin w/ test will be accepted... -- Joel Vandal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html