$ in password no auth

Forums Network Management ZeroShell $ in password no auth

  • This topic is empty.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #42721

    Hi all,

    sorry if the topic was already raised in the past, bu I couldn’t find it in the forum. I have a weird problem with non-alphanumeric passwords in user authentication (under captive portal). User auth is made against and external radius server (that in turn ask LDAP). When a user use a password with ‘$’ characters he gets access denied. Obviously, if I try to authenticate with radtest from the command line of the zeroshell box I get ‘Access-Accept’ from the radius.

    Having a look to the radius and LDAP log it seems that the ‘$’ characters are substituted someway, since I got a password error code. On the zeroshell box I got just the very same password error.

    Is anybody having the same problem? As for now, we are using version 1.0.beta12, does anybody know it the issue is resolved in beta13?

    thanks for the help


    I ran into this a couple of years ago. http://www.zeroshell.net/eng/forum/viewtopic.php?t=538

    The “$” character is special in the shell and this has not been programmed around. I found it easier to use a different password. It was really strange when it worked for shell access, but not for web.


    Thanks for the reply. I saw your post and I agree with you that is not such a big deal to change the admin password, the problem is to tell to 400 professors and 7000 students not to use $ in __their__ password.
    I cannot even submit a patch or look to the code, since the problem seems to be inside zscp, and the source code AFAIK is not available (fulvio, can you confirm this?).
    I’ll try to figure out if it is possible to escape the $ adding some javascript to the login page.



    This problem is still on zeroshell 1.0beta16.

    Where can I get “zscp” or “kerbynet” text source code ?


Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.