.RE
.sp
..
-.TH rlm_pap 5 "6 June 2008" "" "FreeRADIUS Module"
+.TH rlm_pap 5 "17 April 2014" "" "FreeRADIUS Module"
.SH NAME
rlm_pap \- FreeRADIUS Module
.SH DESCRIPTION
.SH CONFIGURATION
.PP
The only relevant configuration item is:
-.IP auto_header
-If set to "yes", the module will look inside of the User-Password
-attribute for the headers {crypt}, {clear}, etc., and will
-automatically create the appropriate attribute, with the correct
-value.
+.IP normify
+The default is "yes". This means that the module will try to convert
+hex passwords and base64-encoded passwords to "normalized" form.
+However, some clear text passwords may be erroneously converted.
+Setting this to "no" prevents that conversion.
.PP
-This module understands many kinds of password hashing methods, as
-given by the following table.
+The module looks for the Password-With-Header attribute to find the
+"known good password. The header is given by the following table.
.PP
.DS
.br
strings, and binary data, and convert them to a format that the server
can use.
.PP
+If there is no Password-With-Header attribute, the module looks for
+Cleartext-Password, NT-Password, Crypt-Password, etc.
+.PP
It is important to understand the difference between the User-Password
and Cleartext-Password attributes. The Cleartext-Password attribute
is the "known good" password for the user. Simply supplying the
#
# http://www.openldap.org/faq/data/cache/347.html
pap {
- # The "auto_header" configuration item can be set to "yes".
- # In this case, the module will look inside of the User-Password
- # attribute for the headers {crypt}, {clear}, etc., and will
- # automatically create the attribute on the right-hand side,
- # with the correct value.
- auto_header = no
-
# By default the server will use heuristics to try and automatically
# handle base64 or hex encoded passwords. This behaviour can be
# stopped by setting the following to "no".