Hello Valentin -


Many thanks for the contribution.

The patch is now available on the web site.

regards

Hugh


Begin forwarded message:


From: Mike McCauley <[EMAIL PROTECTED]>
Date: Thu Apr 3, 2003 10:12:52 Australia/Melbourne
To: Hugh Irvine <[EMAIL PROTECTED]>
Subject: Re: Fwd: Feature Suggestion: optional disabling of Tunnel-Password encryption in AuthRADIUS


Hi Hugh,

added and uploaded.
Pls send thanks to Valentin.

Cheers.

On Thu, 3 Apr 2003 08:51 am, Hugh Irvine wrote:
Mikey -

Another contribution.

cheers

Hugh

Begin forwarded message:
From: Valentin Tumarkin <[EMAIL PROTECTED]>
Date: Wed Apr 2, 2003  21:55:08 Australia/Melbourne
To: [EMAIL PROTECTED]
Cc: Hugh Irvine <[EMAIL PROTECTED]>
Subject: Feature Suggestion: optional disabling of Tunnel-Password encryption in AuthRADIUS


Hi,


Some NASes and RADIUS Servers have the option not to encrypt the
Tunnel-Password attribute. Some of our clients use this option
for backward-compatibility.

If Radiator is deployed as a RADIUS Proxy in such an environment
it will still try to decrypt/re-encrypt Tunnel-Password, which would
obviously be wrong.

I suggest adding a new 'ClearTextTunnelPassword' config keyword flag to
AuthRADIUS. In addition to backward-compatibility this feature could
also be useful for troubleshooting.


In theory it should be possible to achieve the same effect with
hooks (one to backup the Tunnel-Password attribute value before
AuthRADIUS, and another in AuthRADIUS ReplyHook to restore it),
however the solution below seems much cleaner to me.

The required changes to the AuthRADIUS.pm are minimal:

Change
if (defined ($attr = $p->get_attr('Tunnel-Password')))

To
if (defined ($attr = $p->get_attr('Tunnel-Password')) and not
$self->{ClearTextTunnelPassword} )


And in %Radius::AuthRADIUS::ConfigKeywords add: 'ClearTextTunnelPassword' => 'flag',




Best Regards,


Valentin

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
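
Added example, not part of the original thread and not Radiator's code: a Python sketch of the RFC 2868 Tunnel-Password salt encryption and of the proxy decrypt/re-encrypt step the suggestion above refers to, showing what happens to a cleartext value with and without the flag. The function names, secrets and authenticators are constructed for illustration; only the flag name ClearTextTunnelPassword comes from the thread.

```python
import hashlib
import os

# Constructed sample values (not from the original thread).
UP_SECRET, DOWN_SECRET = b"upstream-secret", b"nas-secret"
UP_AUTH, DOWN_AUTH = bytes(range(16)), bytes(range(16, 32))

def xor_chain(data, secret, seed, decrypt):
    """RFC 2868 sec. 3.5 keystream: b(1)=MD5(S+R+A), b(i)=MD5(S+c(i-1))."""
    out = b""
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + seed).digest()
        res = bytes(x ^ y for x, y in zip(block, pad))
        out += res
        seed = block if decrypt else res  # always chain on the ciphertext block
    return out

def encrypt_tunnel_password(password, secret, req_auth):
    """Return Salt(2) + encrypted String; the leading Tag octet is omitted here."""
    rnd = os.urandom(2)
    salt = bytes([rnd[0] | 0x80, rnd[1]])  # high bit of the salt must be set
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)  # pad to a multiple of 16 octets
    return salt + xor_chain(plain, secret, req_auth + salt, decrypt=False)

def decrypt_tunnel_password(value, secret, req_auth):
    salt, cipher = value[:2], value[2:]
    if not cipher or len(cipher) % 16:
        raise ValueError("value is not Salt + 16-octet blocks")
    plain = xor_chain(cipher, secret, req_auth + salt, decrypt=True)
    if plain[0] > len(plain) - 1:
        raise ValueError("implausible length octet (wrong secret or cleartext input)")
    return plain[1:1 + plain[0]]

def proxy_tunnel_password(value, up_secret, up_auth, down_secret, down_auth,
                          clear_text_tunnel_password=False):
    """Hypothetical proxy step; the flag models ClearTextTunnelPassword."""
    if clear_text_tunnel_password:
        return value  # pass the attribute through untouched
    # Default: decrypt with the upstream hop's secret and authenticator,
    # then re-encrypt for the downstream NAS with its own pair.
    password = decrypt_tunnel_password(value, up_secret, up_auth)
    return encrypt_tunnel_password(password, down_secret, down_auth)
```

With the flag set, the value reaches the NAS exactly as the upstream server sent it, so the tunnel password is unencrypted on both hops and is protected only by whatever secures the transport between them.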
