[RADIATOR] AuthNTLM feature requests

Klara Mall klara.mall at kit.edu
Fri Aug 22 14:46:49 CDT 2014


Hi,

On Fri, Aug 22, 2014 at 01:09:42AM +0300, Heikki Vatiainen wrote:
> On 08/21/2014 01:36 AM, Klara Mall wrote:
> > But anyway this was the reason why I wanted the
> > RewriteFunction to be applicable in AuthBy NTLM. I don't know with
> > which auth methods one could have similar difficulties to use
> > RewriteFunction in the handler. Where one can use it in the handler
> > there is IMHO no need to use it in AuthBy.
> 
> The additional twist here is that the value of 'LANMAN-Challenge' passed
> to ntlm_auth depends on the original username and is calculated by
> AuthBy NTLM. The username actually comes over the tunnel twice: as the
> inner EAP identity and as a part of an MSCHAPv2 message.

I'm not sure if I got this. In my patch $challenge is
set/calculated before $user is changed by the RewriteFunction. But I
put the RewriteFunction at the same position as the
UsernameMatchesWithoutRealm rewriting. So I thought this is okay.
Isn't it?

> The patch you sent is not in yet, but I thought I'd let you know your
> input has been most useful. It's good to hear about the different
> requirements there are.

Thanks for letting me know. I hope that someday it's in. :)

Regards
Klara
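
Added example, not part of the original message and not Radiator's code: the ordering question discussed in this thread, shown with the RFC 2759 ChallengeHash, whose 8-octet result is the value handed to ntlm_auth as the challenge. The `rewrite` function and `ntlm_auth_inputs` helper are hypothetical stand-ins; the challenges and username are the published RFC 2759 section 9.2 test values.

```python
import hashlib

# RFC 2759 section 9.2 test values (not captured traffic).
AUTH_CHALLENGE = bytes.fromhex("5b5d7c7d7b3f2f3e3c2c602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255e262a28295f2b3a337c7e")
PEER_USERNAME = "User"  # name exactly as the peer sent it in the MSCHAPv2 message


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || authenticator || username)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + username.encode("utf-8")
    return hashlib.sha1(data).digest()[:8]


def rewrite(username: str) -> str:
    """Hypothetical rewrite rule: strip a realm suffix and lowercase the name."""
    return username.split("@", 1)[0].lower()


def ntlm_auth_inputs(username: str, rewrite_first: bool) -> tuple[str, str]:
    """Return (name used for the account lookup, hex challenge).

    rewrite_first=False: hash the original name, then rewrite it for the lookup.
    rewrite_first=True:  rewrite before hashing, so the server hashes a name
                         the peer never used when it built its NT-Response.
    """
    hashed_name = rewrite(username) if rewrite_first else username
    challenge = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, hashed_name)
    return rewrite(username), challenge.hex()


if __name__ == "__main__":
    for order in (False, True):
        name, challenge = ntlm_auth_inputs(PEER_USERNAME, rewrite_first=order)
        print(f"rewrite_first={order}: lookup name={name!r} challenge={challenge}")
```

Both orderings look up the same rewritten account name, but only the first produces the challenge the peer's response was computed against.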

