Skip to content

Commit

Permalink
Update pap documentation and examples
Browse files Browse the repository at this point in the history
  • Loading branch information
@alandekok
alandekok committed Apr 17, 2014
1 parent ef00c77 commit b38ded3
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 15 deletions.
19 changes: 11 additions & 8 deletions man/man5/rlm_pap.5
View file
Expand Up @@ -10,7 +10,7 @@
.RE
.sp
..
.TH rlm_pap 5 "6 June 2008" "" "FreeRADIUS Module"
.TH rlm_pap 5 "17 April 2014" "" "FreeRADIUS Module"
.SH NAME
rlm_pap \- FreeRADIUS Module
.SH DESCRIPTION
Expand All @@ -29,14 +29,14 @@ from a database.
.SH CONFIGURATION
.PP
The only relevant configuration item is:
.IP auto_header
If set to "yes", the module will look inside of the User-Password
attribute for the headers {crypt}, {clear}, etc., and will
automatically create the appropriate attribute, with the correct
value.
.IP normify
The default is "yes". This means that the module will try to convert
hex passwords and base64-encoded passwords to "normalized" form.
However, some clear text passwords may be erroneously converted.
Setting this to "no" prevents that conversion.
.PP
This module understands many kinds of password hashing methods, as
given by the following table.
The module looks for the Password-With-Header attribute to find the
"known good password. The header is given by the following table.
.PP
.DS
.br
Expand Down Expand Up @@ -70,6 +70,9 @@ formats. It will automatically handle Base-64 encoded data, hex
strings, and binary data, and convert them to a format that the server
can use.
.PP
If there is no Password-With-Header attribute, the module looks for
Cleartext-Password, NT-Password, Crypt-Password, etc.
.PP
It is important to understand the difference between the User-Password
and Cleartext-Password attributes. The Cleartext-Password attribute
is the "known good" password for the user. Simply supplying the
Expand Down
7 changes: 0 additions & 7 deletions raddb/mods-available/pap
View file
Expand Up @@ -11,13 +11,6 @@
#
# http://www.openldap.org/faq/data/cache/347.html
pap {
# The "auto_header" configuration item can be set to "yes".
# In this case, the module will look inside of the User-Password
# attribute for the headers {crypt}, {clear}, etc., and will
# automatically create the attribute on the right-hand side,
# with the correct value.
auto_header = no

# By default the server will use heuristics to try and automatically
# handle base64 or hex encoded passwords. This behaviour can be
# stopped by setting the following to "no".
Expand Down

0 comments on commit b38ded3

Please sign in to comment.