Alexander Clouter wrote:
> a.l.m.bu...@lboro.ac.uk wrote:
>>> No one in London wants to go to Sussex though and from my logs it does
>>> not look like anyone from Sussex wants to go to London either ;)
>>>
>>> If someone gives me something better to use in my RADIUS packets then
>>> I'm game. Meanwhile I keep meaning to glue 'exec' and 'fortune'
>>> together and see if anyone notices.
>> I've been having a look at such packets on the national proxy and wonder
>> if it's because people are just blamming a reply-message in at a wrong
>> stage...e.g. during Auth? would a default entry in use users file or
>> SQL group reply table cause such wrongness?

most likely.

>>
> I have an entry in my 'users' file for if people insist on sending their
> username without a realm ...

hmm that's pretty standard behaviour. We don't require FQUNs either.
Though I have no idea why you still insist on using user files for
policies. There's this newfangled policy language you know :P

> or mix inner/outer domains, <insert other
> braindead-ness>. It's more for me whilst looking through my SQL logs,
> however I also slip into my Reply-Message a comment if the
> authentication attempt was against a test (non-production use) account.
>

Yeah that's fine... Just strip out the Reply-Message before you send the
packet.

>> crack-pipe question of the day:
>>
>> could reply messages be used with some smart server-end code to provide
>> a data communication channel? ie user A has code that attempts to use EAP
>> with special username coding...the remote server is designed
>> to throw responses in EAP messages...which the modified supplicant
>> on the client can then extract? this could tunnel traffic through
>> an 802.1X restricted network? in fact, is the inner EAP traffic limited
>> at all? once the authentication outer layer is started I should be
>> able to just keep throwing data back/forward through that tube?
>>

Wait are you talking about something really quite evil here? Like using
EAP as a VPN tunnel ?!?!

Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
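
What stripping the Reply-Message involves at the wire level, as an added illustration (not part of the original message, and not FreeRADIUS code): removing the attribute changes the packet length, so the Message-Authenticator and Response Authenticator have to be recomputed with the shared secret. The secret, Request Authenticator and sample packet are constructed.

```python
import hashlib
import hmac
import struct

REPLY_MESSAGE, MESSAGE_AUTHENTICATOR = 18, 80  # RADIUS attribute type numbers

def parse_attrs(data):
    """Split the attribute area into (type, value) pairs, rejecting bad lengths."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[i + 2:i + alen]))
        i += alen
    return attrs

def encode(attrs):
    return b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)

def build_reply(code, ident, request_auth, attrs, secret):
    """Encode a reply; fill Message-Authenticator (if present), then sign it."""
    attrs = [(t, bytes(16) if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    head = struct.pack("!BBH", code, ident, 20 + len(encode(attrs)))
    if any(t == MESSAGE_AUTHENTICATOR for t, _ in attrs):
        # HMAC-MD5 over the packet with the Request Authenticator in place
        mac = hmac.new(secret, head + request_auth + encode(attrs), hashlib.md5).digest()
        attrs = [(t, mac if t == MESSAGE_AUTHENTICATOR else v) for t, v in attrs]
    body = encode(attrs)
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body

def strip_reply_message(packet, request_auth, secret):
    """Return the reply with every Reply-Message removed and re-signed."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length")
    kept = [(t, v) for t, v in parse_attrs(packet[20:length]) if t != REPLY_MESSAGE]
    return build_reply(code, ident, request_auth, kept, secret)

# Constructed sample: Access-Reject carrying a Reply-Message, an EAP-Failure
# (EAP-Message, type 79) and a Message-Authenticator.
SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))
ORIGINAL = build_reply(3, 7, REQUEST_AUTH, [(18, b"test account, not for production"), (79, bytes([4, 1, 0, 4])), (80, b"")], SECRET)
STRIPPED = strip_reply_message(ORIGINAL, REQUEST_AUTH, SECRET)
```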