Fco. Javier Melero wrote:
> I've got an LDAP attribute mapped into the user-password RADIUS attribute.
> This attribute is RSA-ciphered

And why would you do that? It's completely useless.

> so RADIUS has to decipher it when it
> arrives in order to use it for authentication. The problem arises when I
> try to use an RSA key pretty much longer than 1400 bytes, because the
> resulting value exceeds the 253-byte RADIUS specification length limit.
> My questions are:
>
> Is this size limit mandatory even when this RADIUS attribute is never
> put on the wire?

In the current implementation of the server, yes.

> If so, could anybody point out a way which allows me to use longer RSA keys?

Run a separate program to connect to LDAP, obtain the password, and decrypt it.

Alan DeKok.
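An added example, not part of the original thread and not FreeRADIUS code: it shows where the 253-octet limit comes from in the RADIUS attribute format (RFC 2865, one-octet Length covering Type, Length and Value) and which RSA modulus sizes yield a ciphertext that still fits. The function names and the three storage encodings (raw, base64, hex) are assumptions for illustration; the thread does not say how the ciphertext is stored in LDAP.

```python
import base64

MAX_ATTR_LEN = 255                 # Length is one octet and counts Type + Length + Value
MAX_VALUE_LEN = MAX_ATTR_LEN - 2   # leaves 253 octets for the value


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865 layout)."""
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must fit in one octet")
    if len(value) > MAX_VALUE_LEN:
        raise ValueError(f"value is {len(value)} octets, limit is {MAX_VALUE_LEN}")
    return bytes([attr_type, len(value) + 2]) + value


def rsa_ciphertext_len(modulus_bits: int) -> int:
    """An RSA ciphertext is as long as the modulus, however short the plaintext."""
    return (modulus_bits + 7) // 8


def stored_len(modulus_bits: int, encoding: str) -> int:
    """Length of the ciphertext as it would sit in the directory attribute."""
    # Constructed all-zero stand-in for a ciphertext: only its length matters here.
    raw = bytes(rsa_ciphertext_len(modulus_bits))
    if encoding == "raw":
        return len(raw)
    if encoding == "base64":
        return len(base64.b64encode(raw))
    if encoding == "hex":
        return len(raw.hex())
    raise ValueError(f"unknown encoding: {encoding}")


def largest_key_that_fits(encoding: str) -> int:
    """Largest modulus size in bits (multiple of 8) whose ciphertext fits."""
    bits = 0
    while stored_len(bits + 8, encoding) <= MAX_VALUE_LEN:
        bits += 8
    return bits


if __name__ == "__main__":
    for enc in ("raw", "base64", "hex"):
        print(f"{enc:7s} largest modulus that fits: {largest_key_that_fits(enc)} bits")
    for bits in (1024, 2048, 4096):
        sizes = {enc: stored_len(bits, enc) for enc in ("raw", "base64", "hex")}
        print(f"RSA-{bits}: {sizes} (limit {MAX_VALUE_LEN})")
```

Under these assumptions a 2048-bit key overflows the attribute even when stored raw, which is why the decryption has to happen outside the attribute mapping, as the reply suggests.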