(RADIATOR) shared secret and CHAP (revisitte)
Tariq Rashid
tariq.rashid at uk.easynet.net
Mon Dec 6 05:39:34 CST 2004
Hi all,
I'm seeing some behaviour which I was suprised by. I saw that when using
CHAP, the shared secret doesn't have to match. As long as the username and
the associated password match, an Access-Accept is issued.
This has been discussed before:
http://www.open.com.au/archives/radiator/2003-04/msg00114.html
However, I wonder if current radiators (i'm still using 3.3 and 3.8 and
nothing newer yet) are modified to fix this? I know that according to the
protocol, this is not incorrect behaviour!
Any thoughts regarding that layer of security would be appreciated! I is
useful to drop connections and not reply to those NASes which don't have the
correct shared secret. This saved server resources and also doesnt credit
any intruders with a rsponse.
(I also noticed that raidator will reply to auth and acct requests to acct
and auth ports respectively - but this seems to be documented!)
Tariq
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list