*/
/*
* Reinitialize Authenticators.
- Original Message -
From: Thor Spruyt [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, September 15, 2005 5:58 PM
Subject: Re: FreeRadius Proxying and Message-Authenticator
Alan DeKok wrote:
Paolo
From: Alan DeKok [EMAIL PROTECTED]
Paolo Rotela [EMAIL PROTECTED] wrote:
No. *Cisco* created it's own version of RADIUS by adding a
Message-Authenticator to the Accounting-Response.
You are right.. Cisco ALSO created it's own version of RADIUS with this damn
thing.
And it *is* legal
Paolo Rotela [EMAIL PROTECTED] wrote:
...
I don't think this discussion is useful. You have your opinions,
but you're not responsible for server development.
On the other hand, what's the security difference between accepting
Accounting-Response packets without a Message-Authenticator
- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Thursday, September 15, 2005 2:50 PM
Subject: Re: FreeRadius Proxying and Message-Authenticator
Paolo Rotela [EMAIL PROTECTED] wrote:
...
I don't
Alan DeKok wrote:
Paolo Rotela [EMAIL PROTECTED] wrote:
So you are implementing YOUR radius to support YOUR PROPOSED
method... well it seems some propietary...
If one wants control over a project, one should start his own project.
It's clear to everybody that FreeRadius is widely used because
]
Subject: Re: FreeRadius Proxying and Message-Authenticator
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Paolo Rotela [EMAIL PROTECTED] wrote:
Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for
Message-Authenticator handling
Paolo Rotela [EMAIL PROTECTED] wrote:
I wonder if it is correct to discard a packet based on the presence of an
attribute witch use is not defined by any standard.
No. FreeRADIUS doesn't do that.
The Message-Authenticator attribute *is* defined, but not well.
I've read the
From: Alan DeKok [EMAIL PROTECTED]
Paolo Rotela [EMAIL PROTECTED] wrote:
I wonder if it is correct to discard a packet based on the presence of an
attribute witch use is not defined by any standard.
No. FreeRADIUS doesn't do that.
The Message-Authenticator attribute *is* defined, but
Paolo Rotela [EMAIL PROTECTED] wrote:
Where is it defined? RFC 2869 only talks about how to handle it in Access-*
packets, and particularily the handling with respect to EAP. It doesn't say
that you MUST or MAY discard an Accounting-* packet with a missing or bad
Message-Authenticator.
Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for
Message-Authenticator handling in Accounting-* messages.
I've tested with radclient, and I'm still having trouble with this
attribute. I've posted about it.
After that, I upgraded my FreeRADIUS production server with the new
Paolo Rotela [EMAIL PROTECTED] wrote:
Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for
Message-Authenticator handling in Accounting-* messages.
The issue is that the suggested method of calculatin
Message-Authenticator MAY NOT be the same as what Cisco's using.
Because
11 matches
Mail list logo