Name
lower_user and lower_pass
Synopsis
To eliminate case problems that
often plague authentication methods
such as RADIUS, the FreeRADIUS developers have included a feature
that will attempt to modify the User-Name and
User-Password attributes to make them all
lowercase; this is done either before an authentication request,
after a failed authentication request using the values of the
attributes as they came, or not at all.
Clearly setting the lower_user directive to
after makes the most sense: it adds processing
time to each request, but unless this particular machine normally
carries a high load, the reduced troubleshooting time is worth the
extra performance cost. However, a secure password often makes use of
a combination of uppercase and lowercase letters, so security
dictates leaving the password attribute alone.
Usage:
lower_user = [before/after/no]; lower_pass = [before/after/no]
Suggestion:
lower_user = after; lower_pass = no
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
