Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Apropos / Subsearch:
optional field

rlm_pap(5)                     FreeRADIUS Module                    rlm_pap(5)

       rlm_pap - FreeRADIUS Module

       The  rlm_pap  module  authenticates  RADIUS Access-Request packets that
       contain a User-Password attribute.  The module should  also  be  listed
       last  in  the  authorize  section,  so  that  it  can set the Auth-Type
       attribute as appropriate.

       When a RADIUS packet contains a clear-text password in the  form  of  a
       User-Password attribute, the rlm_pap module may be used for authentica-
       tion.  The module requires a "known good" password, which  it  uses  to
       validate  the  password  given in the RADIUS packet.  That "known good"
       password must be supplied by another module (e.g. rlm_files,  rlm_ldap,
       etc.), and is usually taken from a database.

       The only relevant configuration item is:

              If  set  to "yes", the module will look inside of the User-Pass-
              word attribute for the headers {crypt}, {clear}, etc., and  will
              automatically create the appropriate attribute, with the correct

       This module understands many kinds  of  password  hashing  methods,  as
       given by the following table.

       Header       Attribute          Description
       ------       ---------          -----------
       {clear}      User-Password      clear-text passwords
       {cleartext}  User-Password      clear-text passwords
       {crypt}      Crypt-Password     Unix-style "crypt"ed passwords
       {md5}        MD5-Password       MD5 hashed passwords
       {smd5}       SMD5-Password      MD5 hashed passwords, with a salt
       {sha}        SHA-Password       SHA1 hashed passwords
       {ssha}       SSHA-Password      SHA1 hashed passwords, with a salt
       {nt}         NT-Password        Windows NT hashed passwords
       {x-nthash}   NT-Password        Windows NT hashed passwords
       {lm}         LM-Password        Windows Lan Manager (LM) passwords.

       The module tries to be flexible when handling the various password for-
       mats.  It will automatically handle Base-64 encoded data, hex  strings,
       and binary data, and convert them to a format that the server can use.

       For  backwards  compatibility,  there  are old configuration parameters
       which may be work, although we do not recommend using them.

       authorize authenticate


       radiusd(8), radiusd.conf(5)

       Alan DeKok <alandATfreeradius.org>

                                8 February 2005                     rlm_pap(5)