"Brian A. Seklecki" <[EMAIL PROTECTED]> wrote:

> If on the authorization stage, the module can read (and cache) the entire
> DN's attribute set (actually, any DN in the LDAP), why does it need to use
> a "re-connect as the user" method for authentication?

Because some LDAP servers don't supply the password. Also, some administrators use LDAP only for authentication.

> If the password is in cleartext, comparison is easy. If it's in
> SSHA/SHA/MD5/blowfish/crypt, then the comparison can happen against
> those algorithms.

Which is the default behavior of the server.

Alan DeKok.
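
The local comparison discussed in this thread, with the fallback to binding as the user when the server does not supply the password, as an added example that is not part of the original messages and is not FreeRADIUS code. The function names and the `BIND_AS_USER` marker are hypothetical; salted values are assumed to be base64(digest + salt) with the digest taken over password + salt, and the sample values are constructed.

```python
import base64
import hashlib
import hmac

# Digest constructors for the prefixed schemes handled locally in this sketch.
_DIGESTS = {"SHA": hashlib.sha1, "SSHA": hashlib.sha1,
            "MD5": hashlib.md5, "SMD5": hashlib.md5}

BIND_AS_USER = "bind-as-user"  # hypothetical marker: authenticate with an LDAP bind


def check_user_password(stored, supplied):
    """Compare a supplied password with a userPassword attribute value.

    Returns True or False when a local comparison is possible, and
    BIND_AS_USER when the attribute is absent or the scheme is not handled.
    """
    if stored is None:                    # server did not supply the password
        return BIND_AS_USER
    if not stored.startswith("{"):        # no scheme prefix: cleartext value
        return hmac.compare_digest(stored.encode(), supplied.encode())
    scheme, _, b64 = stored[1:].partition("}")
    scheme = scheme.upper()
    if scheme not in _DIGESTS:            # e.g. {CRYPT}: leave it to the server
        return BIND_AS_USER
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:                    # malformed base64 never matches
        return False
    hasher = _DIGESTS[scheme]
    size = hasher().digest_size
    digest, salt = raw[:size], raw[size:]  # salted schemes append the salt
    if len(digest) < size or (salt and scheme in ("SHA", "MD5")):
        return False                      # truncated, or unsalted with extra bytes
    expected = hasher(supplied.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def make_ssha(password, salt):
    """Build a constructed {SSHA} value for testing the checker."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    sample = make_ssha("secret", b"\x01\x02\x03\x04")  # constructed sample
    print(sample, check_user_password(sample, "secret"))
    print(check_user_password(None, "secret"))
```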

