My previous message didn't post in human-readable form.
I want to know how to erase a message which I posted. Is that impossible?
In freeradius-0.2, the state attribute is:
info = challenge + time
state = info + hmac(info, key)
What if we use multiple RADIUS servers and the NAS uses round-robin?
The NAS gets the challenge from one server and sends the response to another.
To verify it, the server can use the secret instead. This will be easy.
In EAP-MD5/Challenge, to verify the user password, the server has to know the
challenge value which it sent.
In this case, one server knows the challenge value because it sent the
challenge-request.
But the others don't know how to verify the user password because they don't
know the challenge value.
In the state attribute, the challenge is not the challenge value used to
encrypt the password.
The NAS never sends the challenge value which the server sent.
To verify the password, another server will send a challenge-request to
the NAS,
and the NAS will send the response to the other server.
And again and again.... :(
What do you think about this?
Can freeradius extract the previous challenge value from the
challenge-response packet?
How about the state attribute including the challenge value which the
NAS (exactly, not the NAS but the user terminal) uses to encrypt the password?
Will this clash with other algorithms (TLS etc.)?
Like this:
info = IDEA(challenge + time, secret)
state = info + hmac(info, secret)
or
info = challenge + time + hmac(challenge + time, secret)
state = IDEA (info, secret)
The server can get the challenge value and verify the user password.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
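An added example (not part of the original post and not FreeRADIUS code): the `state = info + hmac(info, key)` layout from the message, with the EAP-MD5 challenge itself carried in `info`, so any server holding the key can recover it and check the response. It leaves out the IDEA encryption step and uses HMAC-SHA256; the function names, the 30-second window and the key shared between servers are assumptions.

```python
import hashlib
import hmac
import struct
import time

CHALLENGE_LEN = 16   # assumed EAP-MD5 challenge size
TAG_LEN = 32         # HMAC-SHA256 output
MAX_AGE = 30         # assumed validity window, seconds

def make_state(challenge, key, now=None):
    """Issuing server: state = info + hmac(info, key), info = challenge + time."""
    now = int(time.time()) if now is None else now
    info = challenge + struct.pack("!I", now)
    return info + hmac.new(key, info, hashlib.sha256).digest()

def open_state(state, key, now=None):
    """Any server: return the challenge if State is authentic and fresh, else None."""
    now = int(time.time()) if now is None else now
    if len(state) != CHALLENGE_LEN + 4 + TAG_LEN:
        return None
    info, tag = state[:-TAG_LEN], state[-TAG_LEN:]
    expected = hmac.new(key, info, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                      # forged or modified State
    issued = struct.unpack("!I", info[CHALLENGE_LEN:])[0]
    if not 0 <= now - issued <= MAX_AGE:
        return None                      # stale State, reject
    return info[:CHALLENGE_LEN]

def eap_md5_response(eap_id, password, challenge):
    """CHAP-style value used by EAP-MD5: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([eap_id]) + password + challenge).digest()

def verify_on_any_server(state, eap_id, response, password, key, now=None):
    """Second server: rebuild the challenge from State, then check the response."""
    challenge = open_state(state, key, now)
    if challenge is None:
        return False
    return hmac.compare_digest(response, eap_md5_response(eap_id, password, challenge))

if __name__ == "__main__":
    key = b"inter-server-key-constructed-000"   # constructed sample key
    challenge = bytes(range(16))                # constructed sample challenge
    state = make_state(challenge, key)          # server A issues the challenge
    resp = eap_md5_response(7, b"userpass", challenge)  # user terminal answers
    print(verify_on_any_server(state, 7, resp, b"userpass", key))  # server B
```

Because no server keeps per-session memory here, a captured State and response pair is accepted by every server until the time field expires, so the window should be kept short.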