I'll add a similar patch to the CVS head, which already has a
MD5-Password attribute defined. So no configuration changes are
required there.
Certainly more appropriate.
However, if one wants to store H(username:realm:password) in LDAP as a userPassword attribute (this is our case at INRIA), will the MD5-Password be replaced by the retrieved attribute during the Authorization phase and then computed by rlm_digest?
As far as I know from testing, the userPassword LDAP value replaces the User-Password RADIUS value if the line password_attribute = userPassword is set in the ldap module configuration section, if ldap is activated in Authorization. This is the reason why we patched the digest module to have the User-Password value modified.
We might need then to adjust the ldap module configuration as well if we want to store encrypted passwords in an LDAP server. Right?
Best Regards,
Philippe Sultan
INRIA
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
