(RADIATOR) secret key usage in combination with CHAP/PAP

mohamed mohamedm at innovation.kpn.com
Tue Apr 15 07:01:20 CDT 2003


Hi Hugh,
 
The content of section 2.2 which describes the interoperability of the
shared key and PAP/CHAP is only a sub function the shared key. This sub
function is working well according to our test. The main function of the
shared key which is described in the introduction (network security
section) of RFC2865 is not working:  the authentication reply is always
an access accept in case of CHAP (the sub function of the shared key is
not applied for chap), this works even if the configured shared key in
the client and the server are not the same.  My question is: why
Radiator do not drop radius request from client with a false shared key?
 
With Kind Regards
Mohamed
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Friday, April 11, 2003 9:32 AM
To: mohamed; mikem at open.com.au
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) secret key usage in combination with CHAP/PAP
 

Hello Mohamed -

What you describe is correct, according to the Radius RFC's.

It is somewhat confusing I agree.

Have a look at section 2.2 of RFC2865 ("doc/rfc2865.txt").

I have copied this mail to Mike for further comments.

regards

Hugh


On Friday, Apr 11, 2003, at 17:18 Australia/Melbourne, mohamed wrote:
 

Hi

 

The secret key allows the communication between the client and the
radius server, this is also mentioned in the manual:

 

<Client DEFAULT>

    # Configuration parameters for the Client go here

     .....

</Client>
Hint: The configuration file will usually contain the shared secrets
that allow your Radius clients to communicate with the Radiator Radius
server.

 

 



More information about the radiator mailing list