On Sun, 9 Feb 2003 19:55, Robert Canary wrote:
> Let's say I have a username of "rcanary".  The account is created on the
> radius (MySql DB) as UserName=rcanary
>
> Now let's say I try to dial in (using portslave here in this case).  I
> mistype the username as *R*canary instead of *r*canary.
> The RAS is case sensitive.  However, radius is allowing the Rcanary and
> rcanary.  This results in the user being logged in as "canary" because
> portslave will drop the "R".

I can't reproduce this.  Portslave only drops the first character if it is one 
of 'P', 'C', 'S', 'L', or '!'.

> If I have two usernames which differ only by the first letter (rcanary
> and canary) if rcanary user logs in with a capital letter then they will
> be granted access to the other users files.

If the two users have the same password then this sort of thing can happen.  
How can it happen otherwise?

Anyway, is anyone using this feature?  Maybe it would be generally less 
confusing if I just removed the feature of using prefixes and suffixes for 
indicating service type and just let this be handled by the RADIUS server.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
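
A defender-side audit of the ambiguity discussed in this thread, added here as an example (it is not portslave or FreeRADIUS code): it applies the prefix rule Russell states (a leading 'P', 'C', 'S', 'L' or '!' is dropped, assumed here to be matched in exact case), assumes the RADIUS lookup is case-insensitive as the report of "Rcanary" matching "rcanary" suggests, and flags accounts in a constructed user list whose login, typed with a capital first letter, resolves to a different account or is rejected outright.

```python
# Added example: audit a RADIUS user list for logins made ambiguous by
# portslave-style prefix stripping.  Not portslave's or FreeRADIUS's code.
# Assumptions: only the exact characters 'P', 'C', 'S', 'L', '!' are stripped
# (lowercase is left alone), and the RADIUS backend compares usernames
# case-insensitively (e.g. a MySQL column with a case-insensitive collation).
SERVICE_PREFIXES = frozenset("PCSL!")


def strip_service_prefix(login):
    """Split a typed login into (prefix, username) the way the thread describes
    portslave doing it: drop the first character only if it is a service prefix."""
    if len(login) > 1 and login[0] in SERVICE_PREFIXES:
        return login[0], login[1:]
    return None, login


def resolve_account(login, accounts, case_insensitive=True):
    """Return the account a typed login resolves to, or None if it would be rejected."""
    _, name = strip_service_prefix(login)
    if case_insensitive:  # assumed backend behaviour, see header comment
        by_key = {a.lower(): a for a in accounts}
        return by_key.get(name.lower())
    return name if name in accounts else None


def find_collisions(accounts, case_insensitive=True):
    """For each account, try the login as stored and with its first letter
    capitalised (the mistake in the thread).  Report logins that resolve to a
    different account, and logins rejected because the prefix rule ate the
    first letter of a real account name."""
    findings = []
    for acct in sorted(accounts):
        variants = [acct]
        capitalised = acct[0].upper() + acct[1:]
        if capitalised != acct:
            variants.append(capitalised)
        for typed in variants:
            target = resolve_account(typed, accounts, case_insensitive)
            if target is None:
                findings.append((typed, acct, "rejected: prefix stripped, no such account"))
            elif target != acct:
                findings.append((typed, acct, "resolves to " + target))
    return findings


# Constructed sample user list (not from the thread), including Robert's pair.
SAMPLE_ACCOUNTS = ["rcanary", "canary", "ccanary", "Pdial", "slip"]

if __name__ == "__main__":
    for typed, acct, why in find_collisions(SAMPLE_ACCOUNTS):
        print(f"{typed!r} typed for account {acct!r}: {why}")
```

On the sample list "Rcanary" still resolves to "rcanary" (no prefix is stripped, matching Russell's observation), while "Ccanary" typed for account "ccanary" lands on "canary"; only a shared password would then turn that into the access problem described.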


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
