Lets say you achieve that with some packet sniffing software. You don't
have radius packet any more. You have garbage. What now?

Ivan Kalik
Kalik Informatika ISP


Dana 16/3/2007, "Archna Mittal" <[EMAIL PROTECTED]> piše:

>Is it possible to put authenticator filed in Accounting Request message to
>0x00?
>
>Regards,
>-Archna
>
>-----Original Message-----
>From:
>[EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>ius.org] On Behalf Of Michael Lecuyer
>Sent: Thursday, March 15, 2007 6:47 PM
>To: FreeRadius users mailing list
>Subject: Re: Accounting Request Message Authenticator setting to 0x00
>
>It's impossible to put an Message-Authenticator in an accounting packet.
>It has to do with the way the Accounting-Request packet is signed.
>
>The MA is placed in the Access-Request packet as 16 zeroed bytes. The
>HMAC-MD5 value is calculated over the entire packet and patched into the
>MA's zeroed value. Since the authenticator is a random number the MA's
>value does not matter when back patched in the packet.
>
>An accounting packet (Accounting-Request) is signed by performing an MD5
>over the entire packet and then stuffing that value into the
>authenticator's position. So the accounting packet is already securely
>signed and doesn't need another signature on top of that. It would be
>impossible to calculate the MA since the authenticator starts out zeroed
>in an accounting packet. When the accounting packet is signed either a
>precalculated MA will be incorrect or a post-authenticated MA will
>invalidate the accounting packet's signature.
>
>Archna Mittal wrote:
>> Hi,
>>
>>   I am a newbie to Radius Protocol.  I want to set the Message
>> Authenticator value to 0x00 in my Accounting Request. I have tried bzero
>> but its not working.
>>
>> Please let me know if there is a way to do it?
>>
>>
>>
>>
>>
>> Thanks & Regards,
>>
>> Regards,
>>
>> -Archna
>>
>>
>> ------------------------------------------------------------------------
>>
>> -
>> List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to