"Phillip Ames" <[EMAIL PROTECTED]> wrote:
> Now my user password file contains entries like this:
>
> bad Auth-Type := System, Crypt-Password ==
> "$1$37l.BBR2$bcYRkPw.bkkTAz3gkjsZZ1"
>
> Where "bad" is the user and "$1$37l.BBR2$bcYRkPw.bkkTAz3gkjsZZ1" is the
> md5 of "password"

That won't entirely do what you expect.

> On a side note, I was also unable to discover anything different between
> Auth-Type := System and Auth-Type := Local.

There's a huge difference. Try using the *default* configuration
files as shipped, and you'll see that the users are authenticated
against /etc/passwd, for Auth-Type = "System". Read the default
"users" file. It explains this.

The reason it isn't doing what you expect is that you're telling it
to do two contradictory things. So it picks one which makes sense,
and authenticates the user. You've told it:

1) Look in /etc/passwd to find a crypt'd password for the user, and
   then use that crypt'd password to do the authentication
2) Use the given Crypt-Password to do the authentication.

In this case, the server can do one of two things:

a) use /etc/passwd, discover the user isn't there, complain about
   that, and reject the user.
b) ignore the request to use /etc/passwd, because the Crypt-Password
   matches.

The server currently does (b). If it did (a), you'd be wondering
why it's complaining that it can't find a password for the user, when
you supplied a Crypt-Password.

All these problems stem from a misunderstanding of what "System"
authentication means. It's explained in the default "users" file,
among other places. Please read them.

Alan DeKok.
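
A lint check for the conflict described in this thread, as an added example that is not part of the original message or of FreeRADIUS: it flags "users" entries that set Auth-Type to System while also supplying a stored-password check item. The parser, the names `parse_entries` and `find_conflicts`, and the sample file are constructed for illustration; it assumes each entry's check items sit on one unwrapped line starting in column 0.

```python
import re

# One check item: attribute, operator, value (quoted string or bare word).
ITEM = re.compile(r'([\w-]+)\s*(:=|==|\+=|!=|=)\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')

# Check items that carry the password themselves. Treating User-Password
# like Crypt-Password here is an assumption of this example.
STORED_PASSWORD_ATTRS = {"Crypt-Password", "User-Password"}

def parse_entries(text):
    """Yield (line_no, user, {attr: value}) for each entry's check-item line.

    Comments, blank lines and indented reply-item lines are skipped.
    """
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        checks = {m.group(1): m.group(3).strip('"') for m in ITEM.finditer(rest)}
        yield no, parts[0], checks

def find_conflicts(text):
    """Return (line_no, user, attrs) where System auth is combined with a
    password stored in the entry: the two contradictory requests."""
    findings = []
    for no, user, checks in parse_entries(text):
        stored = sorted(STORED_PASSWORD_ATTRS & checks.keys())
        if checks.get("Auth-Type") == "System" and stored:
            findings.append((no, user, stored))
    return findings

# Constructed sample "users" file; only the "bad" entry comes from the thread.
SAMPLE = """\
# constructed sample users file
bad Auth-Type := System, Crypt-Password == "$1$37l.BBR2$bcYRkPw.bkkTAz3gkjsZZ1"
alice Auth-Type := System
carol Crypt-Password == "$1$constructed$placeholder"
DEFAULT Auth-Type = System
\tFall-Through = 1
"""

if __name__ == "__main__":
    for no, user, attrs in find_conflicts(SAMPLE):
        print(f"line {no}: user {user!r} sets Auth-Type System "
              f"and also supplies {', '.join(attrs)}")
```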