On Wed, 2007-07-25 at 13:31 -0400, Michael W. Lucas wrote:

> If a user logs in from too many machines, or if he enters a wrong
> password, he gets the error message in ERR_NO_SHARING.  I would expect
> a user who signs on too often to get ERR_NO_SHARING and a user who
> fails to authenticate to get the default ERR_CACHE_ACCESS_DENIED.
> 
> Instead, all users get ERR_NO_SHARING.  I would like to give the users
> a useful error message, but obviously I am missing something.

> #clients may only log in from one IP at a time.
> http_access deny noPwSharing

change the above to

http_access deny our_networks radius_auth noPwSharing

and the results will be what you expect, making unauthenticated users be
denied by the radius_auth acl, and authenticated users using too many IP
addresses denied by the noPwSharing ACL.

I also added the our_networks acl to deny probing of the user
passwords. You probably want to do this on the no_auth_... lines as
well.

Regards
Henrik
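
The following squid.conf fragment is an added example, not configuration from the thread. It shows the rule ordering suggested above together with the deny_info mapping it relies on. The ACL definitions, the 192.0.2.0/24 range and the trailing allow/deny lines are assumptions, since the original configuration is not shown in full.

```conf
# Constructed example; the ACL definitions are assumptions, only the ACL
# names and ERR_NO_SHARING come from the thread.
acl our_networks src 192.0.2.0/24        # placeholder client range
acl radius_auth  proxy_auth REQUIRED     # matches any successfully authenticated user
acl noPwSharing  max_user_ip -s 1        # matches a user seen from more than one IP

# The custom page is attached to noPwSharing only. Squid picks the error
# page from the last ACL it evaluated on the http_access line that denied.
deny_info ERR_NO_SHARING noPwSharing

# Before: noPwSharing is the only ACL on the line, so a failed login is
# also reported with ERR_NO_SHARING.
# http_access deny noPwSharing

# After: evaluation stops at radius_auth for users who fail to
# authenticate (default error page); only authenticated users reach
# noPwSharing and can receive ERR_NO_SHARING.
http_access deny our_networks radius_auth noPwSharing

# Assumed remainder of the policy: authenticated local users are allowed,
# everything else is denied without an authentication challenge.
http_access allow our_networks radius_auth
http_access deny all
```

`squid -k parse` checks the edited file for syntax errors before a reload.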
