Now that we have Cleartext-Password and Password-With-Header, use
them. i.e.
Move PW_PASSWORD to PW_USER_PASSWORD if it's looking in the request
Move PW_PASSWORD to PW_CLEARTEXT_PASSWORD if it's in the config items
Move PW_USER_PASSWORD to PW_CLEARTEXT_PASSWORD if in config items
Update messages that complain about "known good" password from
User-Password to Cleartext-Password
Update auth.c to rewrite User-Password in config items to
Cleartext-Password, and to print out a big warning message.
Update rlm_pap to use Password-With-Header, but to still accept
User-Password in config items for the same thing, and then delete
User-Password if it had a header.
Still need to update ldap configuration.
23 files changed: