Joe Maimon <[EMAIL PROTECTED]> wrote:
> Don't know what his requirements are, but the ability to allow any client
> in the world to authenticate to my server with any one of X secrets,
> thereby allowing me to associate them to client Y as opposed to client Z
> is very useful wherever the IP address range describing the source
> of client Y and client Z might overlap.

Sure. But it's a fairly serious performance hit, and a bad idea from the security perspective.

> This allows me to have specific configurations for this client, cancel
> service to only one of the "entities" and to upgrade/change the secret
> without requiring a flag-day event.

Hmm... that sounds like it's worth doing. The only problem is that this will really work only for packets that contain Message-Authenticator.

Alan DeKok.
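
The Message-Authenticator limitation discussed above, as an added example that is not part of the original thread and is not FreeRADIUS code: an Access-Request carries a keyed integrity check only in the Message-Authenticator attribute (HMAC-MD5 over the packet, RFC 2869), so a server holding several candidate secrets for one source range can pick the matching one only when that attribute is present, at the cost of one HMAC per candidate. The function names, client names and secrets are assumptions made up for the illustration, and the packets are constructed in the code.

```python
import hashlib
import hmac
import os
import struct

MESSAGE_AUTHENTICATOR = 80  # attribute type, RFC 2869


def build_access_request(secret, username, signed=True):
    # Constructed Access-Request (code 1, id 1) with a User-Name attribute.
    attrs = bytes([1, 2 + len(username)]) + username
    if signed:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", 1, 1, 20 + len(attrs))
    packet = bytearray(header + os.urandom(16) + attrs)
    if signed:
        # HMAC-MD5 over the whole packet, value field zeroed while hashing
        packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def find_message_authenticator(packet):
    # Offset of the 16-byte value, or None if absent or malformed.
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return None
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return None
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            return pos + 2
        pos += alen
    return None


def identify_client(packet, candidates):
    # Name of the client whose secret verifies the packet, else None.
    off = find_message_authenticator(packet)
    if off is None:
        return None  # an unsigned request does not prove which secret was used
    length = struct.unpack("!H", packet[2:4])[0]
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    for name, secret in candidates.items():  # one HMAC per candidate secret
        digest = hmac.new(secret, zeroed, hashlib.md5).digest()
        if hmac.compare_digest(digest, packet[off:off + 16]):
            return name
    return None
```

A request built with `signed=False` returns `None` for every candidate set, which is the case the reply warns about.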