Hi, > ATTRIBUTE GSS-Acceptor-Service-Name 164 string
> dictionary.ascend.illegal:ATTRIBUTE X-Ascend-FR-DCE-N393 > 164 integer > > do we care? The same has happened (repeatedly) with other attributes - pretty much all attributes from RFC5580 were in the "stolen" space from Ascend. We've had actual deployment due to that: Operator-Name is a string, but defined by Ascend as an Integer (for something totally different). Some RADIUS servers found that an incoming packet with Operator-Name set, and with a length that was different from 4 characters (i.e. 32 bit "integer") was malformed and discarded the entire request! Others truncated the value after 4 Bytes when proxying - an arguable sanitisation. Others just left it as is - notably FreeRADIUS. I guess all RADIUS servers can be convinced to operate correctly - a simple change of dictionary is required (on MS IAS, the "simple" meant editing an MS Access database with some strange GUI tool though). We are meanwhile actively testing on this particular oddity and warn operators when we find them dropping packets on the floor which have Operator-Name set; and there are instructions for fixing. Your case is the exact same - so I think you have some reason to be slightly worried. It is not unsurmountable though. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
_______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
