Alan DeKok wrote:
> If you're willing to live with passwords in the clear. For
> wireless, passwords should NEVER go over the wireless network in the
> clear. Even CHAP is better.
since Raghu mentioned that it is often misunderstood and Alan just
talked about it, could somebody of you guys explain shortly, what all
this grammar stuff about Auth-Type and the expression token is all
about?
I will make a try and you correct me, if I'm wrong :-)
Auth-Type := Foo is to authenticate by the module foo mentioned in the
authenticate {} section whereas Auth-Type := System is for the server
deciding where to take the password from in the authorize {} section in
radiusd.conf file and to authenticate with the ... appropriate module in
authenticate {} ? It's a little bit unclear to me, in fact... Could you,
please?
Tokens Meaning
------------------------------------------------
== ???
:= ???
Why do we have to use different tokens anyway? Why is "User-Password ==
something" during "Auth-Type := something"? Can it be "Auth-Type ==
something"? Are those not both just Radius-attributes? Does the standard
dictates that? (I admit, I'm too lazy to search for it right now...)
Wouldn't it be better in this case to hide it from the user by
organizing the attributes into corresponding groups?
Thanks a lot,
artur
--
Artur Hecker
artur[at]hecker.info
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
