manpagez: man pages & more
man rlm_pap(5)

man pages By Section Choose... 123456789ln Alphabetically Choose... ABCDEFGHIJKLMNOPQRSTUVWXYZOther

Other versions of rlm_pap Choose... osxs-10.5osx-10.8

Home | html | info | man

rlm_pap(5)                     FreeRADIUS Module                    rlm_pap(5)

NAME

       rlm_pap - FreeRADIUS Module

DESCRIPTION

       The  rlm_pap  module  authenticates  RADIUS Access-Request packets that
       contain a User-Password attribute.  The module should  also  be  listed
       last  in  the  authorize  section,  so  that  it  can set the Auth-Type
       attribute as appropriate.

       When a RADIUS packet contains a clear-text password in the  form  of  a
       User-Password attribute, the rlm_pap module may be used for authentica-
       tion.  The module requires a "known good" password, which  it  uses  to
       validate  the  password  given in the RADIUS packet.  That "known good"
       password must be supplied by another module (e.g. rlm_files,  rlm_ldap,
       etc.), and is usually taken from a database.

CONFIGURATION

       The only relevant configuration item is:

       auto_header
              If  set  to "yes", the module will look inside of the User-Pass-
              word attribute for the headers {crypt}, {clear}, etc., and  will
              automatically create the appropriate attribute, with the correct
              value.

       This module understands many kinds  of  password  hashing  methods,  as
       given by the following table.


              Header       Attribute          Description
              ------       ---------          -----------
              {clear}      Cleartext-Password clear-text passwords
              {cleartext}  Cleartext-Password clear-text passwords
              {crypt}      Crypt-Password     Unix-style "crypt"ed passwords
              {md5}        MD5-Password       MD5 hashed passwords
              {smd5}       SMD5-Password      MD5 hashed passwords, with a salt
              {sha}        SHA-Password       SHA1 hashed passwords
              {ssha}       SSHA-Password      SHA1 hashed passwords, with a salt
              {nt}         NT-Password        Windows NT hashed passwords
              {x-nthash}   NT-Password        Windows NT hashed passwords
              {lm}         LM-Password        Windows Lan Manager (LM) passwords.


       The module tries to be flexible when handling the various password for-
       mats.  It will automatically handle Base-64 encoded data, hex  strings,
       and  binary data, and convert them to a format that the server can use.

       It is important to understand the difference between the  User-Password
       and Cleartext-Password attributes.  The Cleartext-Password attribute is
       the "known good" password for the user.  Simply supplying  the  Cleart-
       ext-Password  to  the server will result in most authentication methods
       working.  The User-Password attribute is the password as  typed  in  by
       the  user  on  their  private  machine.   The two are not the same, and
       should be treated very differently.  That is, you should generally  not
       use the User-Password attribute anywhere in the RADIUS configuration.

       For  backwards  compatibility,  there  are old configuration parameters
       which may be work, although we do not recommend using them.

SECTIONS

       authorize authenticate

FILES

       /etc/raddb/radiusd.conf

SEE ALSO

       radiusd(8), radiusd.conf(5)

AUTHOR

       Alan DeKok <aland@freeradius.org>




                                  6 June 2008                       rlm_pap(5)

---

Mac OS X 10.6Server - Generated Thu Apr 15 07:12:19 CDT 2010

© manpagez.com 2000-2025
Individual documents may contain additional copyright information.