Hello Dave -

At 11:11 -0500 30/11/00, Dave Kitabjian wrote:
>I believe it's a BUG.
>
>Please see my post from last week:
>
>       "Radiator/LDAP hangs on binary username!"


I don't believe I have seen this - can you repost?


>to which no one has replied yet, where I described a similar experience.
>Again, AuthBy CDB never misbehaved with these binary usernames, but AuthBy
>LDAP2 will hang Radiator completely.
>
>It's pretty easy to reproduce: telnet to your NAS IP, and when it asks for
>username or login, enter something like:
>
>       ���pZ_S^�G*�_��g�_�<BQ����?4y,�h�Mpt��.h__`��_OE�*�v
>
>Bingo. Radiator is trashed. What's worse is that if you have multiple
>Radiator/LDAP servers for redundancy, the NAS will retry until it brings
>down ALL the servers :(
>
>At the moment, we're testing:
>
>       RewriteUsername tr#!-'/+-~/##cd
>
>which should strip out all non-printable characters (and a few others),
>which seems to patch the bug so far. But the whole issue makes me pretty
>nervous.

As I have said many times, you are much better off just rejecting 
usernames that contain rubbish. This topic has been discussed on the 
list several times and I have posted examples. Have a look at the 
archive:

        http://www.starport.net/~radiator

regards

Hugh


-- 

NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

===
Archive at http://www.starport.net/~radiator/
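
Added example (not part of the original thread and not Radiator code): a stand-alone Perl script that contrasts the stripping rewrite quoted above with the reject-outright policy recommended in the reply. The function names and sample usernames are constructed for illustration, and the script does not show how to wire either policy into a Radiator configuration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Policy 1: the tr expression quoted in the thread. With the c (complement)
# and d (delete) flags, every byte NOT in the set  !-'  /  +-~  is deleted:
# control bytes, space, ( ) * and everything above 0x7e.
sub strip_username {
    my ($name) = @_;
    (my $clean = $name) =~ tr#!-'/+-~/##cd;
    return $clean;
}

# Policy 2: reject instead of rewrite. Same character set, used as an
# allow-list: the whole name must consist of permitted bytes, otherwise
# the request is refused and no backend lookup is attempted.
sub username_acceptable {
    my ($name) = @_;
    return $name =~ /\A[!-'+-~]+\z/ ? 1 : 0;
}

# Constructed sample usernames (not taken from any real log).
my @samples = (
    "dave",                    # ordinary name
    "dave\x00\xff\x9c",        # printable prefix followed by binary bytes
    "\xfe\x70\x5a\x5f\x53",    # mostly binary, a few printable bytes inside
    "da ve(*)",                # printable, but contains stripped characters
    "\x01\x02\x03",            # nothing printable at all
);

printf "%-24s %-10s %s\n", "username (hex)", "stripped", "decision";
for my $u (@samples) {
    my $stripped = strip_username($u);
    my $decision = username_acceptable($u) ? "lookup" : "reject";
    printf "%-24s %-10s %s\n",
        unpack("H*", $u),
        length($stripped) ? $stripped : "(empty)",
        $decision;
}
```

The second sample shows the caveat with stripping: a garbage name is silently turned into a lookup for a different, valid-looking username, and the last sample becomes an empty name. The reject policy sends neither to the backend.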