1 .TH rlm_pap 5 "8 February 2005" "" "FreeRADIUS Module"
3 rlm_pap \- FreeRADIUS Module
5 The \fIrlm_pap\fP module authenticates RADIUS Access-Request packets
6 that contain a User-Password attribute. The module should also be
7 listed last in the \fIauthorize\fP section, so that it can set the
8 Auth-Type attribute as appropriate.
10 When a RADIUS packet contains a clear-text password in the form of a
11 User-Password attribute, the \fIrlm_pap\fP module may be used for
12 authentication. The module requires a "known good" password, which it
13 uses to validate the password given in the RADIUS packet. That "known
14 good" password must be supplied by another module
15 (e.g. \fIrlm_files\fP, \fIrlm_ldap\fP, etc.), and is usually taken
19 The only relevant configuration item is:
21 If set to "yes", the module will look inside of the User-Password
22 attribute for the headers {crypt}, {clear}, etc., and will
23 automatically create the appropriate attribute, with the correct
26 This module understands many kinds of password hashing methods, as
27 given by the following table.
31 Header Attribute Description
33 ------ --------- -----------
35 {clear} User-Password clear-text passwords
37 {cleartext} User-Password clear-text passwords
39 {crypt} Crypt-Password Unix-style "crypt"ed passwords
41 {md5} MD5-Password MD5 hashed passwords
43 {smd5} SMD5-Password MD5 hashed passwords, with a salt
45 {sha} SHA-Password SHA1 hashed passwords
47 {ssha} SSHA-Password SHA1 hashed passwords, with a salt
49 {nt} NT-Password Windows NT hashed passwords
51 {x-nthash} NT-Password Windows NT hashed passwords
53 {lm} LM-Password Windows Lan Manager (LM) passwords.
56 The module tries to be flexible when handling the various password
57 formats. It will automatically handle Base-64 encoded data, hex
58 strings, and binary data, and convert them to a format that the server
61 For backwards compatibility, there are old configuration parameters
62 which may be work, although we do not recommend using them.
68 .I /etc/raddb/radiusd.conf
74 Alan DeKok <aland@freeradius.org>