Mike Lampson <[EMAIL PROTECTED]> wrote: > > Both. The "after" thing runs the packet through the server twice, > > which is problematic. The "lower_pass" thing can be done in a module. > > I would urge you *not* to do this. We SHA1 encrypt our lowercased, > MySQL-stored passwords. We then lowercase the incoming password from the > authentication request before the PAP module SHA1-encodes it for comparison. > I would rather not process the incoming authentication request through an > additional module prior to performing the authentication.
Whether it's done in the server core or another module is irrelevant to CPU time and memory. The problem is that the server core shouldn't have atrocious hacks like this in it. That functionality already exists in the module infrastructure, in a more stable and more configurable form. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
