Hello
Our RSA infra was upgraded to address Blast-Radius vulnerability
https://www.blastradius.fail/
Since then, radius-proxy enabled users can no longer authenticate against those
providers.
I understand the RSA radius servers now require Message-Authenticator
attributes to be set which I suppose is the missing piece when freeipa attempts
to authenticate.
Anybody have a view on this?
Thanks
Angus
>From the RSA instructions (lol):
RSA recommends asking your vendors for a fix for the BlastRADIUS vulnerability
and applying the client-side fixes immediately. This must be done before
applying the RSA patches and enabling the Message-Authenticator configuration.
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
