$ in password no auth

Home Page Forums Network Management ZeroShell $ in password no auth

This topic contains 2 replies, has 0 voices, and was last updated by  daserzw 7 years, 9 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #42721

    daserzw
    Member

    Hi all,

    sorry if the topic was already raised in the past, bu I couldn’t find it in the forum. I have a weird problem with non-alphanumeric passwords in user authentication (under captive portal). User auth is made against and external radius server (that in turn ask LDAP). When a user use a password with ‘$’ characters he gets access denied. Obviously, if I try to authenticate with radtest from the command line of the zeroshell box I get ‘Access-Accept’ from the radius.

    Having a look to the radius and LDAP log it seems that the ‘$’ characters are substituted someway, since I got a password error code. On the zeroshell box I got just the very same password error.

    Is anybody having the same problem? As for now, we are using version 1.0.beta12, does anybody know it the issue is resolved in beta13?

    thanks for the help
    bye
    davide

    #51325

    dit
    Member

    I ran into this a couple of years ago. http://www.zeroshell.net/eng/forum/viewtopic.php?t=538

    The “$” character is special in the shell and this has not been programmed around. I found it easier to use a different password. It was really strange when it worked for shell access, but not for web.

    #51326

    daserzw
    Member

    Thanks for the reply. I saw your post and I agree with you that is not such a big deal to change the admin password, the problem is to tell to 400 professors and 7000 students not to use $ in __their__ password.
    I cannot even submit a patch or look to the code, since the problem seems to be inside zscp, and the source code AFAIK is not available (fulvio, can you confirm this?).
    I’ll try to figure out if it is possible to escape the $ adding some javascript to the login page.

    Cheers
    davide

    #51327

    WIPAT
    Member

    This problem is still on zeroshell 1.0beta16.

    Where can I get “zscp” or “kerbynet” text source code ?

    –WIPAT

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.