(RADIATOR) password modification via radiator
Michael Shoemaker
shoemake at america.net
Fri May 2 08:03:55 CDT 2008
Howdie Hugh,
Yea, that is the methodology that I am planning on using. It is the password
rewrite that I am unsure of. The "current" password is input by the user
when they connect, the "different" password would be one that we would assign
to all users in the auth db. I just want the ability to rewrite the password
sent to the auth server to be the "different" one if they do not auth
correctly with the password they are personally entering.
Once they have authed with the "different" password, we will be changing that
password to the "current" password that they entered to begin with.
The sequence would be:
user connects, using their "current" password.
radiator sends current login/pw and it fails
secondary auth attempt using the "different" password.
radiator sends current login and different password and it auths, user gets
connected, and they think they connected with their "current" password. We
then update the db with the "current" password. Said update however, will not
be done by radiator, we have something else in place for that.
I hope I am making sense :)
Michael
On Friday 02 May 2008 4:44:22 am you wrote:
> Hello Michael -
>
> How exactly do you want this to work?
>
> Where are the "current" and "different" passwords stored?
>
> You should be able to use cascaded AuthBy clauses for this:
>
> # Realm or Handler
>
> <Handler .....>
>
> AuthByPolicy ContinueUntilAccept
>
> <AuthBy ...>
> # check "current" password
> .....
> </AuthBy>
>
> <AuthBy ...>
> # check "different" password
> .....
> </AuthBy>
>
> </Handler>
>
> hope that helps
>
> regards
>
> Hugh
>
> On 2 May 2008, at 07:34, Michael Shoemaker wrote:
> > I saw an earlier thread talking about changing the password using
> > radiator,
> > and the response was to change the password in the appropriate
> > file. I am
> > wanting a way to do this via radiator. Let me explain it a bit.
> >
> > We have a new group of customers coming on from a different isp
> > (buyout) and
> > we want it to be as seamless as possible.
> >
> > We want to be able to check vs their "current" password and if it
> > fails (which
> > it should do) then it auths with a "different" password. if it
> > auths with
> > that pw, we will note it in the logs and change the "different"
> > password with
> > the "current" password. The key here is for the customer to never
> > know that
> > their orig password was not correct to begin with.
> >
> > The logging of their current password isn't an issue, the issue is
> > getting
> > them to auth using the "different" password.
> >
> > I see where a newer version of radiator could allow for this by using
> > NoCheckPassword, but the version we are using is 2.18 and it
> > doesn't have
> > this function. I was thinking of using some sort of preauth hook,
> > but am
> > unsure how to change the password.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list