(RADIATOR) Radiator, SQL and null passwords
Hugh Irvine
hugh at open.com.au
Fri Jul 25 17:55:27 CDT 2003
Hello Richard -
This is the expected behaviour. If you want to change this you will
need to supply an AuthSelect statement that does something different.
See section 6.28.6 in the Radiator 3.6 reference manual
("doc/ref.html").
Here is the relevant point:
If the password (or encrypted password) column for a user is NULL in
the database, then any password will be accepted for that user.
regards
Hugh
On Saturday, Jul 26, 2003, at 00:54 Australia/Melbourne, Richard
Grantham wrote:
> Hi list,
>
> We are authenticating users against an Oracle database and there is a
> particular Radiator (at least I assume it's Radiator) behaviour which
> we
> would like to eliminate.
>
> Concerning users with null passwords (i.e. a database null in the
> password field. When a password is supplied and the user has a null
> password access is granted. We would like to make it so that if a
> password has been supplied when the user has a null password then
> access
> is denied. I can't see a configuration attribute for this and. I've
> seen the previous posts on null passwords but they are not really
> related.
>
> Any thoughts?
>
> Richard
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/enriched
Size: 1855 bytes
Desc: not available
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030726/48e836ce/attachment.bin>
More information about the radiator
mailing list