Jon Steer wrote:
I am attempting to authenticate freeradius with FDS The issue seems
to be the passwords that are handed back from FDS
Environment:
OS: Fedora 4
FreeRadius : 1.0.4
FDS: 1.0.1
I am using inetOrgPerson and passing back userPassword. But it seems
that no matter which password encoding I use, freeRadius doesn't seem
to understand it.
I am not quite sure what FreeRadius is trying to do here, but it is bad
form to require that the server return the password attribute - it
should only ever be tested against or otherwise manipulated by FDS. A
quick google for "freeradius ldap" suggests that it does not in fact
require clear text passwords and does a bind (as it should) for password
tests :
http://lists.cistron.nl/pipermail/freeradius-users/2002-July/008715.html
As your other post indicates, requiring such things tends to lead to
less security, including how you decide to store the passwords in FDS
(which by default are deliberately stored using a one way hashing scheme)
--
Pete