I have exactly the same problem. I set up my LDAP Directory to look like
this
userName: simon
userPassword: {crypt}idfyugGbdfg
Would anyone be interested in me patching rlm_ldap to read the
userPassword field and then check the password by the method defined in
the {}?
This would be configurable obviously. This is exactly how the ldap module
in proftp works.
- Simon
> Hi there,
>
> first, a short description what we have:
> We are using openldap-2.0.15 to store user account data. Our users login
> via pam-ldap, and we have a radius running on that machine
> (freeradius-0.3) that can authenticate via our openldap server.
>
> Now the Problem: our users want to fetch their mail via POP, so we have
> a pop daemon running. This pop-daemon authenticates via the radius
> server, and the radius server authenticates via LDAP.
> Regarding security, it would be fine if we could give every user an
> extra pop-password, and storing this in LDAP is easy.
>
> But how can we configure the radius to use our alternative Password
> instead of using the LDAP posixAccount userPassword when authenticating?
>
> Many thanks in advance,
> Andreas Grosse
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067 Email: [EMAIL PROTECTED]
"Eagles may soar, but weasels don't get sucked into jet engines."
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
