unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-5.0)
Page:
Section:
Apropos / Subsearch:
optional field

rlm_pap(5)                     FreeRADIUS Module                    rlm_pap(5)



NAME
       rlm_pap - FreeRADIUS Module

DESCRIPTION
       The  rlm_pap  module  authenticates  RADIUS Access-Request packets that
       contain a User-Password attribute.  The module should  also  be  listed
       last  in  the  authorize  section,  so  that  it  can set the Auth-Type
       attribute as appropriate.

       When a RADIUS packet contains a clear-text password in the  form  of  a
       User-Password attribute, the rlm_pap module may be used for authentica-
       tion.  The module requires a "known good" password, which  it  uses  to
       validate  the  password  given in the RADIUS packet.  That "known good"
       password must be supplied by another module (e.g. rlm_files,  rlm_ldap,
       etc.), and is usually taken from a database.

CONFIGURATION
       The only relevant configuration item is:

       auto_header
              If  set  to "yes", the module will look inside of the User-Pass-
              word attribute for the headers {crypt}, {clear}, etc., and  will
              automatically create the appropriate attribute, with the correct
              value.

       This module understands many kinds  of  password  hashing  methods,  as
       given by the following table.

       Header       Attribute          Description
       ------       ---------          -----------
       {clear}      User-Password      clear-text passwords
       {cleartext}  User-Password      clear-text passwords
       {crypt}      Crypt-Password     Unix-style "crypt"ed passwords
       {md5}        MD5-Password       MD5 hashed passwords
       {smd5}       SMD5-Password      MD5 hashed passwords, with a salt
       {sha}        SHA-Password       SHA1 hashed passwords
       {ssha}       SSHA-Password      SHA1 hashed passwords, with a salt
       {nt}         NT-Password        Windows NT hashed passwords
       {x-nthash}   NT-Password        Windows NT hashed passwords
       {lm}         LM-Password        Windows Lan Manager (LM) passwords.

       The module tries to be flexible when handling the various password for-
       mats.  It will automatically handle Base-64 encoded data, hex  strings,
       and binary data, and convert them to a format that the server can use.

       For  backwards  compatibility,  there  are old configuration parameters
       which may be work, although we do not recommend using them.

SECTIONS
       authorize authenticate

FILES
       /etc/raddb/radiusd.conf

SEE ALSO
       radiusd(8), radiusd.conf(5)

AUTHOR
       Alan DeKok <alandATfreeradius.org>




                                8 February 2005                     rlm_pap(5)