Sorry for the repost, but these problems are forcing me to leave our FreeRADIUS open to "stealing of identity privileges" ...

PB> I'm trying to instruct our freeradius to check some inconsistencies
PB> between inner and outer parameters involved in EAP-TTLS and EAP-PEAP
PB> authentication of wireless users.
PB>
PB> If the return attributes are based on the outer identity, the system can be
PB> fooled by using a valid inner identity and obtaining the privileges of
PB> another user (sent as the outer identity).
PB> If the return attributes are based on the inner identity, because not all
PB> the states of EAP authentication involve the inner phase, only in the
PB> phases that involve inner EAP are the correct attributes returned and,
PB> as an example, the user isn't correctly mapped to his correct VLAN.
PB>
PB> How can I validate if the same Realm is used in the inner and outer
PB> User-Name?
PB> How can I pass variables (attributes) between inner and outer phases?
PB> How can I maintain some context of the authentications in progress so
PB> that I can send the correct parameters in phases that didn't involve
PB> inner auth and where I can't trust the outer identity?

TIA.

--
Best regards,
PedroRibeiro
mailto:[EMAIL PROTECTED]
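
The realm check asked about above, sketched as an added example in Python; it is not FreeRADIUS configuration and not part of the original post. The function names, the acceptance of an `anonymous` outer user, and the rule that a missing realm must be missing on both sides are assumptions of this sketch.

```python
def split_nai(identity):
    """Split 'user@realm' or 'REALM\\user' into (user, realm).

    The realm is lower-cased with any trailing dot removed; '' if absent.
    """
    identity = identity.strip()
    if "@" in identity:
        user, _, realm = identity.rpartition("@")
    elif "\\" in identity:
        realm, _, user = identity.partition("\\")
    else:
        user, realm = identity, ""
    return user, realm.lower().rstrip(".")


def check_tunnel_identity(outer, inner, allow_anonymous_outer=True):
    """Compare the outer (unauthenticated) and inner (authenticated) User-Name.

    Returns (ok, reason, authz_identity). When ok, authz_identity is always
    the inner identity, so reply attributes such as the VLAN are never
    selected from the outer identity, which the client can set freely.
    """
    o_user, o_realm = split_nai(outer)
    i_user, i_realm = split_nai(inner)
    if not i_user:
        return False, "empty inner identity", None
    if o_realm != i_realm:
        return False, "realm mismatch: outer=%r inner=%r" % (o_realm, i_realm), None
    if o_user.lower() == i_user.lower():
        return True, "identities match", inner
    if allow_anonymous_outer and o_user.lower() in ("", "anonymous"):
        return True, "anonymous outer identity", inner
    # Same realm, but the outer name belongs to someone else: the case the post describes.
    return False, "outer user differs from inner user", None


# Constructed sample identities (outer, inner), not taken from any real log.
SAMPLES = [
    ("anonymous@example.org", "alice@example.org"),
    ("bob@example.org", "alice@example.org"),
    ("anonymous@other.example", "alice@example.org"),
]

if __name__ == "__main__":
    for outer, inner in SAMPLES:
        print(outer, inner, check_tunnel_identity(outer, inner))
```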