Jon Steer wrote:
I am not quite sure what FreeRadius is trying to do here, but it is bad form to require that the server return the password attribute - it should only ever be tested against or otherwise manipulated by FDS. A quick google for "freeradius ldap" suggests that it does not in fact require clear text passwords and does a bind (as it should) for password tests : http://lists.cistron.nl/pipermail/freeradius-users/2002-July/008715.htmlI am attempting to authenticate freeradius with FDS The issue seems to be the passwords that are handed back from FDS Environment: OS: Fedora 4 FreeRadius : 1.0.4 FDS: 1.0.1 I am using inetOrgPerson and passing back userPassword. But it seems that no matter which password encoding I use, freeRadius doesn't seem to understand it.
As your other post indicates, requiring such things tends to lead to less security, including how you decide to store the passwords in FDS (which by default are deliberately stored using a one way hashing scheme)
-- Pete
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
