Hello All,
There seems to be some general interest in this feature, so we have made a
patch available that permits the new parameter CaseInsensitivePasswords in
AuthBy clauses. That will allow any AuthBy that does plaintext password
checking to be case insensitve (it obviously would have no effect on CHAP or
encrypted passwords). This will work for FILE, SQL, DBFILE and others.
The patched files are in the 2.16.1 patches area.
This fix involves changes to both AuthGeneric.pm and Radius.pm, and you must be
sure to install _both_ of them from the patches area.
Feedback to me please.
Cheers.
On Jul 4, 3:09pm, Hugh Irvine wrote:
> Subject: Re: Performing a case-insensitive password match in a users file?
> On Tue, 04 Jul 2000, Simon Hackett wrote:
> > Hi folks (again!),
> >
> > I'm transitioning various radius user files, each servicing a
> > different realm name, into the one radiator setup at the moment.
> >
> > It's all working - as simply as using AuthBy FILE on each relevant
> > radius file from each previously different system, plus the
> > StripRealm operator we added (as noted in the previous msg) to make
> > each one match while preserving the realm in the accounting files.
> >
> > What I'd really like to do, because the previous system did
> > case-insensitive password matching, is preserve that behavior under
> > radiator. The user file concerned has plain text user passwords in
> > it, which we've flattened down to all lower case (they weren't even
> > consistent in the file, let alone being consistently used by the
> > customers concerned).
> >
> > Now, what I want to do with this realm is handle it with an <AuthBy
> > FILE>, but convince radiator to do the ultimate password check
> > independently of the case of the user specified password.
> >
> > I've tried various approaches to this tonight, all in vain so far -
> > trying to work out which routine, and where, in Radiator, to frob in
> > order to achieve this effect. Unfortunately, the password
> > comparison(s) concerned are buried deep inside routines which seem
> > impossible to override (check_plaintext_password, in particular,
> > seems like the most likely candidate).
> >
> > Any chance of adding a flag into Radiator, Mike, which might convince
> > it on a per-realm basis to do the password checking in a
> > case-insensitive manner (I understand that this will only make sense
> > in a limited subset of cases - where the plaintext password is
> > available, and where it's using PAP and not CHAP, I guess - but
> > that's my situation).
> >
> > I almost want something resembling a 'RewritePassword' operator -
> > though a 'LowercasePassword' or 'CaseInsensitivePasswordChecking' one
> > would do just fine...
> >
> > The extreme version of such a notion would be to convince the
> > attribute checking code to do case insensitive comparisons in general
> > via a flag - which might then be called something like
> > CaseInsensitiveCheckItems, I guess :)
> >
>
> For the password you are correct, check_plaintext_password in
Radius/Radius.pm
> is where it happens, just at the end of the routine:
>
> else
> {
> # Just ordinary old plaintext, look for an exact match
> $result = ($submitted_pw eq $pw);
> }
>
> I've copied this message to Mike for his comments.
>
> cheers
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
>-- End of excerpt from Hugh Irvine
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
