From 8a462ae09e86f8a7f4da9acd1837d7977b470322 Mon Sep 17 00:00:00 2001
From: Matthew Newton <mcn4@leicester.ac.uk>
Date: Wed, 3 Oct 2012 01:32:58 +0100
Subject: [PATCH] update upgrade documentation with User-Password deprecation
 note

---
 raddb/README.rst | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/raddb/README.rst b/raddb/README.rst
index 5147bb217e7..4df3cc030a1 100644
--- a/raddb/README.rst
+++ b/raddb/README.rst
@@ -185,3 +185,26 @@ because the TLS code requires threading to work properly.  Instead of doing::
 you will need to do::
 
   $ radiusd -fxx -l stdout
+
+
+PAP and User-Password
+---------------------
+
+From version 3.0 onwards the server no longer supports authenticating
+against a cleartext password in the 'User-Password' attribute. Any
+occurances of this (for instance, in the users file) should now be changed
+to 'Cleartext-Password' instead.
+
+If this is not done, authentication is likely to fail.
+
+If it really is impossible to do this, the following unlang inserted above
+the call to the pap module may be used to copy User-Password to the correct
+attribute. However, this should only be seen as a temporary, not permanent,
+fix.
+
+  if (!control:Cleartext-Password && control:User-Password) {
+    update control {
+      Cleartext-Password := "%{control:User-Password}"
+    }
+  }
+
-- 
2.47.3