On Thu, 2004-01-08 at 16:19, Alan DeKok wrote: > John Horne <[EMAIL PROTECTED]> wrote: > > This seemed to make no difference. However I did notice, before and > > after the change, that if the user file entry has something like: > > > > User-Password != "something" > > > > Then if the user enters the password of 'something' they are > > authenticated. > > It's a bug. > > > In which case I think I am somewhat lost! :-) Given that in our case > > MS-CHAPv2 must be used, and hence some form of encryption is going on, > > do the '!=', '!~' etc operators still apply? > > Not for passwords, for a number of reasons. > Okay, thanks for this. I had a quick look at the rlm_mschap.c code and as far as I could tell the user-supplied password and the password in the 'users' file are encrypted and then compared using memcmp (line 856 from freeradius version 0.9.3). If they are not the same then the authentication fails. In that respect the '!=', etc operators are not used.
Given that, I assume then that it is then not possible to create a default 'users' file entry which will allow *any* user through if we insist on using MS-CHAPv2? John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
