Normally, Radiator fetches the user's credentials, such as
password hash, from the server using the PasswordAttr
or EncryptedPasswordAttr
parameter and checks the
password internally. This optional parameter causes the server to check
the password instead. This is useful with servers that implement
proprietary encryption algorithms in their passwords, or do not provide
access to password attribute.
When
ServerChecksPassword
is specified, Radiator sends the
plaintext password with "password" REST API parameter to the server and
the password checking is performed by the server only. This is done in
addition to any parameters added by
RestAuthRequestDef
.
Here
is an example of using
ServerChecksPassword
:
# Send plaintext password to server to check
ServerChecksPassword
CAUTION
ServerChecksPassword
is compatible
with PAP, EAP-TTLS/PAP, and other authentication methods that provide a
plain text password. ServerChecksPassword
does not
work with CHAP, MSCHAP, and most EAP methods since these do not provide a
password Radiator can use with an LDAP bind
operation.