On Mon, Oct 29, 2001 at 08:11:40PM -0500, Tim Mayo wrote:
>Bill,
>
>All versions of the BAY software prior to 18.0.2 are broken in regards
>to the Message-Authenticator. They send a strictly MD5 encoded secret
>instead of the encoding required by the RFC. This has been fixed in
>18.0.2 and only 18.0.2.

Thanks. I guess I have to go through the Annex build stuff again to get erpcd and na current before upgrading the NAS software. In any case, they seem to be working with the Message-Authenticator section disabled.

Given that this has also been a problem with Ascend boxes, and maybe other NAS boxes as well, I've been considering adding a field to the client structure that will allow one to disable the Message-Authenticator tests on a per-client basis.

In looking at the code changes, it seems to me that it would be better to pass a pointer to a radclient object to routines than just passing a pointer to the secret as is now done. This would be a general solution, and later modifications and extensions would require fewer code changes.

At a minimum, this would require changes to rad_decode and all references to it. I would think that it would be better to do this for all routines that are using the client secret.

Any thoughts on whether this is a Good Idea(tm) and worth pursuing?

Bill
--
INTERNET: [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
UUCP: camco!bill  PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

The difference between science and the fuzzy subjects is that science
requires reasoning while those other subjects merely require scholarship.
    -- Robert Heinlein

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
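
An added illustration (not code from this thread or from FreeRADIUS) of the two ideas discussed above: the RFC 2869 Message-Authenticator check, which is HMAC-MD5 keyed with the shared secret over the packet with the attribute's value zeroed, and a verifier that receives the whole client record so a per-client switch needs no signature change. Python stands in for the server's C; `RadClient`, its field names and the sample packets are assumptions constructed for the example.

```python
import hmac
import struct
from dataclasses import dataclass

MESSAGE_AUTHENTICATOR = 80  # attribute type from RFC 2869


@dataclass
class RadClient:
    # Hypothetical per-client record; the field names are assumptions.
    secret: bytes
    verify_message_authenticator: bool = True


def find_message_authenticator(packet: bytes):
    """Return the offset of the 16-byte value, or None if the attribute is absent."""
    (length,) = struct.unpack("!H", packet[2:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    pos = 20  # code(1) + id(1) + length(2) + authenticator(16)
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == MESSAGE_AUTHENTICATOR and alen == 18:
            return pos + 2
        pos += alen
    return None


def check_access_request(packet: bytes, client: RadClient) -> str:
    """Takes the whole client record, so per-client policy needs no new parameters."""
    off = find_message_authenticator(packet)
    if off is None:
        return "absent"
    if not client.verify_message_authenticator:
        return "skipped"  # caller should log this: the packet is unauthenticated
    (length,) = struct.unpack("!H", packet[2:4])
    # HMAC-MD5 keyed with the shared secret, over the packet with the field zeroed.
    zeroed = packet[:off] + bytes(16) + packet[off + 16:length]
    expected = hmac.new(client.secret, zeroed, "md5").digest()
    return "ok" if hmac.compare_digest(expected, packet[off:off + 16]) else "reject"


def build_request(secret: bytes, rfc_compliant: bool = True) -> bytes:
    """Constructed sample Access-Request: User-Name "bob" plus Message-Authenticator."""
    attrs = bytes([1, 5]) + b"bob" + bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    packet = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(range(16)) + attrs
    # The non-compliant value is an arbitrary stand-in, not real NAS output.
    mac = hmac.new(secret, packet, "md5").digest() if rfc_compliant else b"\xff" * 16
    return packet[:-16] + mac
```

A client with the check switched off accepts requests that carry no valid integrity protection, so the "skipped" result is worth logging per client and the switch worth removing once the NAS is upgraded.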
