I have exactly the same problem. I set up my LDAP Directory to look like this
userName: simon userPassword: {crypt}idfyugGbdfg Would anyone be interested in me patching rlm_ldap to read the userPassword field and then check the password by the method defined in the {}? This would be configurable obviously. This is exactly how the ldap module in proftp works. - Simon > Hi there, > > first, a short description what we have: > We are using openldap-2.0.15 to store user account data. Our users login > via pam-ldap, and we have a radius running on that machine > (freeradius-0.3) that can authenticate via our openldap server. > > Now the Problem: our users want to fetch their mail via POP, so we have > a pop daemon running. This pop-daemon authenticates via the radius > server, and the radius server authenticates via LDAP. > Regarding security, it would be fine if we could give every user an > extra pop-password, and storing this in LDAP is easy. > > But how can we configure the radius to use our alternative Password > instead of using the LDAP posixAccount userPassword when authenticating? > > Many thanks in advance, > Andreas Grosse > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] "Eagles may soar, but weasels don't get sucked into jet engines." - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html