On Tue, 04 Jul 2000, Simon Hackett wrote:
> Hi folks (again!),
>
> I'm transitioning various radius user files, each servicing a
> different realm name, into the one radiator setup at the moment.
>
> It's all working - as simply as using AuthBy FILE on each relevant
> radius file from each previously different system, plus the
> StripRealm operator we added (as noted in the previous msg) to make
> each one match while preserving the realm in the accounting files.
>
> What I'd really like to do, because the previous system did
> case-insensitive password matching, is preserve that behavior under
> radiator. The user file concerned has plain text user passwords in
> it, which we've flattened down to all lower case (they weren't even
> consistent in the file, let alone being consistently used by the
> customers concerned).
>
> Now, what I want to do with this realm is handle it with an <AuthBy
> FILE>, but convince radiator to do the ultimate password check
> independently of the case of the user specified password.
>
> I've tried various approaches to this tonight, all in vain so far -
> trying to work out which routine, and where, in Radiator, to frob in
> order to achieve this effect. Unfortunately, the password
> comparison(s) concerned are buried deep inside routines which seem
> impossible to override (check_plaintext_password, in particular,
> seems like the most likely candidate).
>
> Any chance of adding a flag into Radiator, Mike, which might convince
> it on a per-realm basis to do the password checking in a
> case-insensitive manner (I understand that this will only make sense
> in a limited subset of cases - where the plaintext password is
> available, and where it's using PAP and not CHAP, I guess - but
> that's my situation).
>
> I almost want something resembling a 'RewritePassword' operator -
> though a 'LowercasePassword' or 'CaseInsensitivePasswordChecking' one
> would do just fine...
>
> The extreme version of such a notion would be to convince the
> attribute checking code to do case insensitive comparisons in general
> via a flag - which might then be called something like
> CaseInsensitiveCheckItems, I guess :)
>
For the password you are correct, check_plaintext_password in Radius/Radius.pm
is where it happens, just at the end of the routine:
else
{
# Just ordinary old plaintext, look for an exact match
$result = ($submitted_pw eq $pw);
}
I've copied this message to Mike for his comments.
cheers
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
