Re: FreeRadius Proxying and Message-Authenticator

*/ /* * Reinitialize Authenticators. - Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, September 15, 2005 5:58 PM Subject: Re: FreeRadius Proxying and Message-Authenticator Alan DeKok wrote: Paolo

Re: FreeRadius Proxying and Message-Authenticator

From: Alan DeKok [EMAIL PROTECTED] Paolo Rotela [EMAIL PROTECTED] wrote: No. *Cisco* created it's own version of RADIUS by adding a Message-Authenticator to the Accounting-Response. You are right.. Cisco ALSO created it's own version of RADIUS with this damn thing. And it *is* legal

Re: FreeRadius Proxying and Message-Authenticator

Paolo Rotela [EMAIL PROTECTED] wrote: ... I don't think this discussion is useful. You have your opinions, but you're not responsible for server development. On the other hand, what's the security difference between accepting Accounting-Response packets without a Message-Authenticator

Re: FreeRadius Proxying and Message-Authenticator

- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Thursday, September 15, 2005 2:50 PM Subject: Re: FreeRadius Proxying and Message-Authenticator Paolo Rotela [EMAIL PROTECTED] wrote: ... I don't

Re: FreeRadius Proxying and Message-Authenticator

Alan DeKok wrote: Paolo Rotela [EMAIL PROTECTED] wrote: So you are implementing YOUR radius to support YOUR PROPOSED method... well it seems some propietary... If one wants control over a project, one should start his own project. It's clear to everybody that FreeRadius is widely used because

Re: FreeRadius Proxying and Message-Authenticator

] Subject: Re: FreeRadius Proxying and Message-Authenticator To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Message-ID: [EMAIL PROTECTED] Paolo Rotela [EMAIL PROTECTED] wrote: Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for Message-Authenticator handling

Re: FreeRadius Proxying and Message-Authenticator

Paolo Rotela [EMAIL PROTECTED] wrote: I wonder if it is correct to discard a packet based on the presence of an attribute witch use is not defined by any standard. No. FreeRADIUS doesn't do that. The Message-Authenticator attribute *is* defined, but not well. I've read the

Re: FreeRadius Proxying and Message-Authenticator

From: Alan DeKok [EMAIL PROTECTED] Paolo Rotela [EMAIL PROTECTED] wrote: I wonder if it is correct to discard a packet based on the presence of an attribute witch use is not defined by any standard. No. FreeRADIUS doesn't do that. The Message-Authenticator attribute *is* defined, but

Re: FreeRadius Proxying and Message-Authenticator

Paolo Rotela [EMAIL PROTECTED] wrote: Where is it defined? RFC 2869 only talks about how to handle it in Access-* packets, and particularily the handling with respect to EAP. It doesn't say that you MUST or MAY discard an Accounting-* packet with a missing or bad Message-Authenticator.

Re: FreeRadius Proxying and Message-Authenticator

Paolo Rotela [EMAIL PROTECTED] wrote: Hi. I've downloaded FR 1.0.5 whch is supposed to have a bugfix for Message-Authenticator handling in Accounting-* messages. The issue is that the suggested method of calculatin Message-Authenticator MAY NOT be the same as what Cisco's using. Because