ariq Rashid <[EMAIL PROTECTED]> wrote:
> hi - we're seeing a Lucent Stinger device sending radius requests with a
> password field that is less than the 16 octets as per protocol.

  Welcome to vendor implementations...

> now, some radius servers seem not to like this - but freeradius seems to
> work fine with this. i suspect that is because freeradius either ignores the
> length of that field, or copies it to a zero-padded buffer.

  It uses the length of the password.  See src/lib/radius.c,
rad_pwdecode().  It explicitly checks if the password is smaller than
16 characters, and has a few lines of code to ensure that those
passwords work.

  The code was added to deal with NASes like the Lucent one.

> am i right? see section of an email below for details...
> is this evidence that the problem lucent stinger is malforming its packets?

  Yes.

> or are there valid cases when the Password field is short?

  No.

  Alan DeKok.
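
The short-field case discussed in this thread, as an added example that is not part of the original message and is not FreeRADIUS's rad_pwdecode(): a Python sketch of the RFC 2865 User-Password hiding, with a decoder that either rejects a value that is not a whole number of 16-octet blocks or decodes the octets that are present. The function names, the `strict` flag, the sample secret and the assumed shape of the short field (hidden octets sent without padding) are all assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # RFC 2865 section 5.2 works in 16-octet MD5 blocks


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Encode User-Password as RFC 2865 describes: NUL-pad, then chained MD5 XOR."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        out += prev
    return out


def unhide_password(value: bytes, secret: bytes, authenticator: bytes,
                    strict: bool = False) -> bytes:
    """Decode a User-Password value.

    strict=True rejects anything that is not 16..128 octets in whole blocks.
    strict=False decodes the octets that are present, so a short final
    (or only) block from a non-conforming NAS still yields the password.
    """
    if not 1 <= len(value) <= 128:
        raise ValueError("User-Password value must be 1..128 octets")
    if strict and len(value) % BLOCK:
        raise ValueError(f"malformed User-Password: {len(value)} octets")
    out, prev = b"", authenticator
    for i in range(0, len(value), BLOCK):
        block = value[i:i + BLOCK]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))  # zip stops at a short block
        prev = block
    return out.rstrip(b"\x00")


# Constructed sample values, not taken from any capture.
SECRET = b"testing123"
AUTHENTICATOR = bytes(range(16))
GOOD = hide_password(b"hunter2", SECRET, AUTHENTICATOR)
SHORT = GOOD[:7]  # assumed shape of the short field: hidden octets, no padding
```

Logging the attribute length whenever the strict check fails is a cheap way to identify which NAS is sending the malformed field.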

