On 28.2.2019 17.24, Dubravko Penezic wrote:

I run the latest version of Radiator and found that Radiator doesn't check if
the IP and secret match for a client. Any good reason for that?

The secret is checked for an Access-Request message only when it contains a Message-Authenticator attribute. If this attribute is not present, there is nothing that can be used to check the secret.

In this case, for example plain PAP authentication, what happens is that the User-Password attribute cannot be decrypted to its correct submitted value, and authentication will fail with a 'Bad password' message.

In short, whether the secret can be used to check that it matches depends on the RADIUS message type and, for Access-Request, on its contents.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
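
Added example, not part of the original message and not Radiator's code: a Python sketch of the two cases described in the reply, using RFC 2865 User-Password hiding and the RFC 2869 Message-Authenticator (HMAC-MD5 over the packet with attribute 80 zeroed). The function names, secrets, user name and Request Authenticator are constructed for illustration.

```python
import hashlib
import hmac
import struct

def pap_xor(data, secret, ra, hiding):
    """RFC 2865 5.2 User-Password hiding (hiding=True) or recovery (False)."""
    data += b"\x00" * (-len(data) % 16)             # pad to 16-octet blocks
    out, prev = b"", ra
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(data[i:i + 16], key))
        prev = block if hiding else data[i:i + 16]  # chain on the hidden block
        out += block
    return out

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ra, with_msg_auth):
    """Client side: Access-Request (code 1), optionally with attribute 80."""
    attrs = attr(1, user) + attr(2, pap_xor(password, secret, ra, True))
    if with_msg_auth:
        attrs += attr(80, bytes(16))                # zeroed while computing the HMAC
    pkt = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + ra + attrs
    if with_msg_auth:                               # attribute 80 is last: patch the tail
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt

def check_request(pkt, secret):
    """Server side: returns (secret_ok, password). secret_ok is None when no
    Message-Authenticator is present, so the secret cannot be checked."""
    ra, pos, secret_ok, password = pkt[4:20], 20, None, None
    while pos < len(pkt):
        attr_type, length = pkt[pos], pkt[pos + 1]
        if length < 2:
            raise ValueError("bad attribute length")
        value = pkt[pos + 2:pos + length]
        if attr_type == 2:                          # User-Password
            password = pap_xor(value, secret, ra, False).rstrip(b"\x00")
        elif attr_type == 80:                       # Message-Authenticator
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + length:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            secret_ok = hmac.compare_digest(value, expected)
        pos += length
    return secret_ok, password

RA = bytes(range(16))                               # constructed Request Authenticator
CLIENT_SECRET, SERVER_SECRET = b"client-side", b"server-side"  # constructed mismatch
```

With mismatched secrets, the request without Message-Authenticator yields `secret_ok` of `None` and a garbage password (the 'Bad password' case), while the request carrying Message-Authenticator yields `secret_ok` of `False`, which can be reported as a secret mismatch.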