Jon Steer wrote: >I am attempting to authenticate freeradius with FDS The issue seems >to be the passwords that are handed back from FDS > >Environment: > OS: Fedora 4 > FreeRadius : 1.0.4 > FDS: 1.0.1 > >I am using inetOrgPerson and passing back userPassword. But it seems >that no matter which password encoding I use, freeRadius doesn't seem >to understand it. > > > I am not quite sure what FreeRadius is trying to do here, but it is bad form to require that the server return the password attribute - it should only ever be tested against or otherwise manipulated by FDS. A quick google for "freeradius ldap" suggests that it does not in fact require clear text passwords and does a bind (as it should) for password tests : http://lists.cistron.nl/pipermail/freeradius-users/2002-July/008715.html As your other post indicates, requiring such things tends to lead to less security, including how you decide to store the passwords in FDS (which by default are deliberately stored using a one way hashing scheme) -- Pete -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3241 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060215/b3138900/attachment.bin
