At 10:05 PM 4/24/2002 +0400, 3APA3A wrote:
>Dear Alan DeKok,
>
>
>
>--Wednesday, April 24, 2002, 10:00:10 PM, you wrote to
>[EMAIL PROTECTED]:
>
>AD> Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> >> But I found a new problem: length of Tunnel-Password
> >> seems to be wrong.
> >> If I understand the RFC 2868 then the password attr
> >> length must be 21 (minimum: type=1 + length=1 + tag=1 + salt=2 +
> pw_string=16).
>
>AD> I'm not sure that the tag has to be there.
>
>The problem is tag 0 is invalid.
No. It *cannot* be skipped in building the attribute.
If a received attribute contains a value *other than* 0x01 through 0x1F
then it should ignored, according to the RFC. The octet's position is
*not* optional.
With *some* of the string attributes, if the tag is > 0x1F then it
*SHOULD* ( rfc's emphasis ) be interpreted as the first byte of the
string value.
A tag value 0x00 simply means that no grouping of attributes is desired,
and the tag value is ignored. It does not mean that you skip the tag
octet in building the attribute for the wire.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
