update upgrade documentation with User-Password deprecation note

author Matthew Newton <mcn4@leicester.ac.uk>

Wed, 3 Oct 2012 00:32:58 +0000 (01:32 +0100)

committer Matthew Newton <mcn4@leicester.ac.uk>

Wed, 3 Oct 2012 16:43:49 +0000 (17:43 +0100)
author Matthew Newton <mcn4@leicester.ac.uk>
Wed, 3 Oct 2012 00:32:58 +0000 (01:32 +0100)
committer Matthew Newton <mcn4@leicester.ac.uk>
Wed, 3 Oct 2012 16:43:49 +0000 (17:43 +0100)
diff --git a/raddb/README.rst b/raddb/README.rst

index 5147bb217e760d7130e9636c866f2bd47b9da4eb..4df3cc030a1931fce2d778c89bc70f9eb83f4496 100644 (file)
--- a/raddb/README.rst
+++ b/raddb/README.rst
@@ -185,3 +185,26 @@ because the TLS code requires threading to work properly.  Instead of doing::
  you will need to do::
  
    $ radiusd -fxx -l stdout
+
+
+PAP and User-Password
+---------------------
+
+From version 3.0 onwards the server no longer supports authenticating
+against a cleartext password in the 'User-Password' attribute. Any
+occurances of this (for instance, in the users file) should now be changed
+to 'Cleartext-Password' instead.
+
+If this is not done, authentication is likely to fail.
+
+If it really is impossible to do this, the following unlang inserted above
+the call to the pap module may be used to copy User-Password to the correct
+attribute. However, this should only be seen as a temporary, not permanent,
+fix.
+
+  if (!control:Cleartext-Password && control:User-Password) {
+    update control {
+      Cleartext-Password := "%{control:User-Password}"
+    }
+  }
+
author	Matthew Newton <mcn4@leicester.ac.uk>
	Wed, 3 Oct 2012 00:32:58 +0000 (01:32 +0100)
committer	Matthew Newton <mcn4@leicester.ac.uk>
	Wed, 3 Oct 2012 16:43:49 +0000 (17:43 +0100)