From: Matthew Newton Date: Wed, 3 Oct 2012 00:32:58 +0000 (+0100) Subject: update upgrade documentation with User-Password deprecation note X-Git-Tag: release_3_0_0_beta1~1662^2~5^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a462ae09e86f8a7f4da9acd1837d7977b470322;p=thirdparty%2Ffreeradius-server.git update upgrade documentation with User-Password deprecation note --- diff --git a/raddb/README.rst b/raddb/README.rst index 5147bb217e7..4df3cc030a1 100644 --- a/raddb/README.rst +++ b/raddb/README.rst @@ -185,3 +185,26 @@ because the TLS code requires threading to work properly. Instead of doing:: you will need to do:: $ radiusd -fxx -l stdout + + +PAP and User-Password +--------------------- + +From version 3.0 onwards the server no longer supports authenticating +against a cleartext password in the 'User-Password' attribute. Any +occurances of this (for instance, in the users file) should now be changed +to 'Cleartext-Password' instead. + +If this is not done, authentication is likely to fail. + +If it really is impossible to do this, the following unlang inserted above +the call to the pap module may be used to copy User-Password to the correct +attribute. However, this should only be seen as a temporary, not permanent, +fix. + + if (!control:Cleartext-Password && control:User-Password) { + update control { + Cleartext-Password := "%{control:User-Password}" + } + } +