RE: Accounting Request Message Authenticator setting to 0x00
Thanks a lot for all the replies. Actually my project requirement needs the authenticator field set to all zero's. and moreover there is no secret as such with the radius server i.e. the secret field is Null while calling rad_send. You may assume that my project requires just the message in Radius Packet format without any secret or security signatures. Any pointers? Thanks in Advance, Regards, -Archna -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On Behalf Of Alan DeKok Sent: Thursday, March 15, 2007 7:42 PM To: FreeRadius users mailing list Subject: Re: Accounting Request Message Authenticator setting to 0x00 Archna Mittal wrote: > Is it possible to put authenticator filed in Accounting Request message to > 0x00? If you're using FreeRADIUS, the code works, and does the right thing. If you're developing your own RADIUS software, then this is *not* the appropriate list to ask generic RADIUS questions. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting Request Message Authenticator setting to 0x00
Is it possible to put authenticator filed in Accounting Request message to 0x00? Regards, -Archna -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On Behalf Of Michael Lecuyer Sent: Thursday, March 15, 2007 6:47 PM To: FreeRadius users mailing list Subject: Re: Accounting Request Message Authenticator setting to 0x00 It's impossible to put an Message-Authenticator in an accounting packet. It has to do with the way the Accounting-Request packet is signed. The MA is placed in the Access-Request packet as 16 zeroed bytes. The HMAC-MD5 value is calculated over the entire packet and patched into the MA's zeroed value. Since the authenticator is a random number the MA's value does not matter when back patched in the packet. An accounting packet (Accounting-Request) is signed by performing an MD5 over the entire packet and then stuffing that value into the authenticator's position. So the accounting packet is already securely signed and doesn't need another signature on top of that. It would be impossible to calculate the MA since the authenticator starts out zeroed in an accounting packet. When the accounting packet is signed either a precalculated MA will be incorrect or a post-authenticated MA will invalidate the accounting packet's signature. Archna Mittal wrote: > Hi, > > I am a newbie to Radius Protocol. I want to set the Message > Authenticator value to 0x00 in my Accounting Request. I have tried bzero > but its not working. > > Please let me know if there is a way to do it? > > > > > > Thanks & Regards, > > Regards, > > -Archna > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Request Message Authenticator setting to 0x00
Hi, I am a newbie to Radius Protocol. I want to set the Message Authenticator value to 0x00 in my Accounting Request. I have tried bzero but its not working. Please let me know if there is a way to do it? Thanks & Regards, Regards, -Archna - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
