Hi,
Some NASes and RADIUS Servers have the option not encrypt the
Tunnel-Password attribute. Some of our clients use this option
for backward-compatibility.
If Radiator is deployed as a RADIUS Proxy in such environment
it will still try to decrypt/re-encrypt Tunnel-Password, which would
obviously be wrong.
I suggest adding a new 'ClearTextTunnelPassword' config keyword flag to
AuthRADIUS. In addition to backward-compatibility this feature could also
be useful for troubleshooting.
In theory it should be possible to achieve the same effect with
hooks (one to backup the Tunnel-Password attribute value before
AuthRADIUS, and another in AuthRADIUS ReplyHook to restore it),
however the solution below seems much cleaner to me.
The required changes to the AuthRADIUS.pm are minimal:
Change
if (defined ($attr = $p->get_attr('Tunnel-Password')))
To
if (defined ($attr = $p->get_attr('Tunnel-Password')) and not
$self->{ClearTextTunnelPassword} )
And in %Radius::AuthRADIUS::ConfigKeywords add:
'ClearTextTunnelPassword' => 'flag',
Best Regards,
Valentin
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
