From 20e2828635dc53fd08f5321f167dcb18b34e70c9 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Thu, 17 Apr 2014 09:22:28 -0400 Subject: [PATCH] Update pap documentation and examples --- man/man5/rlm_pap.5 | 19 +++++++++++-------- raddb/mods-available/pap | 7 ------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/man/man5/rlm_pap.5 b/man/man5/rlm_pap.5 index ccf3321e70e8..3e3167bb958e 100644 --- a/man/man5/rlm_pap.5 +++ b/man/man5/rlm_pap.5 @@ -10,7 +10,7 @@ .RE .sp .. -.TH rlm_pap 5 "6 June 2008" "" "FreeRADIUS Module" +.TH rlm_pap 5 "17 April 2014" "" "FreeRADIUS Module" .SH NAME rlm_pap \- FreeRADIUS Module .SH DESCRIPTION @@ -29,14 +29,14 @@ from a database. .SH CONFIGURATION .PP The only relevant configuration item is: -.IP auto_header -If set to "yes", the module will look inside of the User-Password -attribute for the headers {crypt}, {clear}, etc., and will -automatically create the appropriate attribute, with the correct -value. +.IP normify +The default is "yes". This means that the module will try to convert +hex passwords and base64-encoded passwords to "normalized" form. +However, some clear text passwords may be erroneously converted. +Setting this to "no" prevents that conversion. .PP -This module understands many kinds of password hashing methods, as -given by the following table. +The module looks for the Password-With-Header attribute to find the +"known good password. The header is given by the following table. .PP .DS .br @@ -70,6 +70,9 @@ formats. It will automatically handle Base-64 encoded data, hex strings, and binary data, and convert them to a format that the server can use. .PP +If there is no Password-With-Header attribute, the module looks for +Cleartext-Password, NT-Password, Crypt-Password, etc. +.PP It is important to understand the difference between the User-Password and Cleartext-Password attributes. The Cleartext-Password attribute is the "known good" password for the user. Simply supplying the diff --git a/raddb/mods-available/pap b/raddb/mods-available/pap index 5c199a19f94d..0038ecd15484 100644 --- a/raddb/mods-available/pap +++ b/raddb/mods-available/pap @@ -11,13 +11,6 @@ # # http://www.openldap.org/faq/data/cache/347.html pap { - # The "auto_header" configuration item can be set to "yes". - # In this case, the module will look inside of the User-Password - # attribute for the headers {crypt}, {clear}, etc., and will - # automatically create the attribute on the right-hand side, - # with the correct value. - auto_header = no - # By default the server will use heuristics to try and automatically # handle base64 or hex encoded passwords. This behaviour can be # stopped by setting the following to "no".