I have noticed that the "lower_pass = after" configuration command is implemented by simply executing the entire sequence of authorization/authentication operations a second time.

I think this is not a good thing, for a couple of reasons:

1) The operation is logged two times: first the failure and then the success. This has two drawbacks:
a) Looking at the logs, it seems that there have been two different requests, while there was only one.
b) If "log_auth_badpass = yes" is used, the first password is logged, even if the lowercase version then worked! So it is mostly equivalent to having "log_auth_goodpass = yes" too!


2) I see no reason to execute two times the entire authorize process.
This is a great waste of time: for example, two SQL or LDAP queries are executed!
I don't think that a slightly different password can change the result of the authorization process. Or am I wrong?
If not, then I propose to execute only the authentication process two times.



Bye.


--
___________________________________________________
    __
   |-                      [EMAIL PROTECTED]
   |ederico Giannici      http://www.neomedia.it
___________________________________________________
