Hi,

> > yep - but a user could just as easily log in with the user-name of
> > 00:11:22:33:44:55 ;-) 
> >
> Not when you say !EAP-Message too :)

...and how does that stop, lets just say for example, some user coming
along with 802.1X configured on their wired interface and logging it
with 00:11:22:33:44:55 as their user-name with EAP-MD5 ?  ;-)

> Bah, I wrote a "you have to jump this high to connect to the Intertubes" 
> document for work.  The venduhs cannot even get past the tendering phase 
> now :)
> 
> Although it does nothing about the legacy guff, it stops new guff 
> connecting.

thats true in so much that it controls those things...but lets more evil
people on due to it being a nice new hole.  oh well.

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to