rlm_pap
Synopsis
The pap module performs authentication for Access-Request requests
that contain a User-Password attribute.
The module accepts a large number of formats for the "known good"
password, such as crypt passwords, md5 passwords, and etc. The module
takes the User-Password and performs the necessary calculations to
verify it against the "known good" password.
The module will look at the Password-With-Header attribute and will
decode it to the correct form. It will also automatically handle
base-64 encoded data, hex strings, and binary data. It will try to
normalize any input attribute it sees in order to authenticate the
user.
For instructions on creating the various types of passwords, see the LDAP FAQ.
| Header | Attribute |
|---|---|
{base64_md5} |
|
{clear} |
|
{cleartext} |
|
{crypt} |
|
{md5} |
|
{ns-mta-md5} |
|
{nt} |
|
{nthash} |
|
{smd5} |
|
{sha2} |
|
{sha384} |
|
{sha256} |
|
{sha512} |
|
{sha} |
|
{ssha} |
|
{ssha224} |
|
{ssha256} |
|
{ssha384} |
|
{ssha512} |
|
{x-nthash} |
|
{x-orcllmv} |
|
{x-orclntv} |
|
Processing Sections
authorize
When listed in the authorize section, the pap module will look for
a User-Password attribute. If one is found, and no Auth-Type or
Proxy-To-Realm attribute is set, the module will set Auth-Type :=
pap.
- Return codes
-
noopThe module detected that PAP authentication could not be performed and did nothing. -
updatedThe module detected that PAP authentication could be performed and setAuth-Type := PAP.
authenticate
When listed in the authenticate section, the pap module will
perform PAP authentication.
- Return codes
-
invalidThe administrator erroneously setAuth-Type := PAP. The module is unable to perform PAP authentication. -
failNo "known good" password was found. The module is unable to perform PAP authentication. -
rejectThe user failed authentication. -
okThe user succeeded in authenticating.
Expansions
None.
Directives
- Syntax
-
normalize = boolean
- Default
-
yes
- Description