pfSense

Sorry, should be under category "Captive Portal" but I can't make that change now.

Why do you need an empty pass?

When using a captive portal, the need is often to display T&C and prevent casual users from getting access, not to provide comprehensive AAA.

Since the RFC doesn't require any password value, I guess the relevant question is "why doesn't pfSense allow an empty pass?"

No updates on this? There seems to be little interest in any changes to RADIUS handling, I keep seeing "why do you need this" when users ask for anything...

Also, with such a low-risk patch there's no reason it couldn't be included in a 2.0x release.

Do you still have a copy of your patch? The attached file produces a 404 here.

I recently submitted a pull request [1] that fixes the problem that an empty secret key for RADIUS servers 2-4 results in them not being used at all (as they are not written to file without a secret key), although the GUI states that an empty secret key is allowed and also accepts it.

[1] https://github.com/bsdperimeter/pfsense/pull/320

That pull request was not for this issue. Please see https://github.com/bsdperimeter/pfsense/pull/357 for the patch allowing an empty password on the captive portal to be passed to RADIUS. Thanks.

Pull request 357 was merged.