(RADIATOR) AuthSQL and NULL passwords
Richard Grantham
richard at bactel.net
Thu Aug 21 08:33:18 CDT 2003
Hi list,

A while ago I asked about configuring Radiator to reject authentications
without NULL passwords when the password is NULL in the database. Two
solutions were suggested at the time - decoding the password and using
it in the SELECT statement or changing the Radiator code. I don't think
I could change the SQL statement to decode passwords - plus our
authentication statements are long enough already! I want to change the
source code to do what we want. We want to make this change for
security reasons that are a little convoluted to go into in too much
detail!

I'm assuming that this is the code in AuthSQL.pm that needs to be
changed:

    # Add a *-Password check item unless the correct password
    # was NULL in the database, This means that if
    # the password column for a user is NULL,
    # then any password is accepted for that user.
    $user->get_check->add_attr
        (defined $self->{EncryptedPassword} ?
         'Encrypted-Password' : 'User-Password', $password)
            if defined $password

I've been playing with it a bit but to no avail. I'm afraid my 'l33t
perl sk1llz' are not up to much because I can't seem to change
Radiator's behaviour. For instance, the first thing I did was remove
that 'if defined $password':

    $user->get_check->add_attr
        (defined $self->{EncryptedPassword} ?
         'Encrypted-Password' : 'User-Password', $password);

This didn't do anything. Can anyone point me in the right direction?
Have I missed something incredibly obvious?

TIA

Richard
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
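
The fail-open behaviour described in the quoted AuthSQL.pm comment, next to a fail-closed variant, as an added example that is not part of the original post and is not Radiator code. The subroutine names, the 'Reject' marker and the sample rows are hypothetical, and a plaintext comparison stands in for the real password check.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical model, not Radiator code: a check-item list is a list of
# [name, value] pairs that a login attempt must satisfy.

# Fail-open: mirrors the quoted logic. A NULL (undef) password column adds
# no password check item, so nothing is compared at login.
sub build_check_items_open {
    my ($db_password) = @_;
    my @check;
    push @check, ['User-Password', $db_password] if defined $db_password;
    return \@check;
}

# Fail-closed: a NULL column yields an explicit reject marker instead of
# silently dropping the password check.
sub build_check_items_closed {
    my ($db_password) = @_;
    return [ defined $db_password
             ? ['User-Password', $db_password]
             : ['Reject', 'NULL password in database'] ];
}

# Returns 1 if every check item is satisfied, 0 otherwise.
sub authenticate {
    my ($check, $submitted) = @_;
    for my $item (@$check) {
        my ($name, $value) = @$item;
        return 0 if $name eq 'Reject';
        return 0 if $name eq 'User-Password'
            && !(defined $submitted && $submitted eq $value);
    }
    return 1;    # an empty list passes: this is the fail-open case
}

# Constructed sample rows: [username, password column from the database].
my @rows = (['alice', 's3cret'], ['bob', undef]);
for my $row (@rows) {
    my ($user, $db_pw) = @$row;
    for my $try ('s3cret', 'anything') {
        printf "%-6s tried %-9s open=%d closed=%d\n", $user, $try,
            authenticate(build_check_items_open($db_pw), $try),
            authenticate(build_check_items_closed($db_pw), $try);
    }
}
```

In this model the row with a NULL password authenticates with any submitted password under the fail-open builder and with none under the fail-closed one.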