[RADIATOR] (RADIATOR) Patch to hide userpassword whenusingtacacs+ and trace 4, 5
Markus Moeller
huaraz at moeller.plus.com
Sun Jun 14 18:31:13 CDT 2009
Sorry if I repeat, but I still think passwords should not be logged or
displayed, even when debugging.
Markus
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Peter Havekes" <p.havekes at avans.nl>
Cc: <radiator at open.com.au>
Sent: Wednesday, June 10, 2009 11:32 PM
Subject: Re: [RADIATOR] (RADIATOR) Patch to hide userpassword
whenusingtacacs+ and trace 4, 5
>
> Hello Peter -
>
> I replied to this yesterday.
>
> Trace 4 (and 5) are meant for debugging purposes, and hence display as
> much information as possible.
>
> For normal production you would normally run Trace 3.
>
> regards
>
> Hugh
>
>
> On 10 Jun 2009, at 01:08, Peter Havekes wrote:
>
>> When using EAP-TTLS + PAP the cleartext passwords are also being
>> logged at trace level 5. Is this a feature or a bug?
>>
>> See example logging (xxxxxxx's are the password):
>>
>>
>>
>>
>>
>> Code: Access-Request
>> Identifier: 151
>> Authentic: <0><167>v<251>rtY<18>4<131><231>r?<208><8>M
>> Attributes:
>> NAS-Port-Id = "AP11/1"
>> Calling-Station-Id = "00-02-78-DF-B5-E5"
>> Called-Station-Id = "00-0B-0E-29-51-C2:eduroam"
>> Service-Type = Framed-User
>> User-Name = "anonymous at avans.nl"
>> NAS-Port = 46947
>> EAP-Message =
>> <
>> 2
>> >
>> <
>> 9
>> >
>> <
>> 0
>> >
>> S
>> <
>> 21
>> >
>> <
>> 0><23><3><1><0>Hf<151><149><163><15><152><249><31><141><168><161>Uc3?
>> K<133><203><241>\V<195>=:<3>C<139>ik<245>#.<133><1
>> NAS-Port-Type = 19
>> NAS-IP-Address = 145.48.82.51
>> NAS-Identifier = "Trapeze"
>> Message-Authenticator = <149><175>Sq@<156><248><128>-
>> <142><143><198><236><170><153><165>
>>
>> Tue Jun 9 10:51:49 2009: DEBUG: Handling request with Handler
>> 'Called-Station-Id=/.*eduroam.*/,Realm=avans.nl,User-Name=/@/'
>> Tue Jun 9 10:51:49 2009: DEBUG: Deleting session for anonymous at avans.nl
>> , 145.48.82.51, 46947
>> Tue Jun 9 10:51:49 2009: DEBUG: Handling with Radius::AuthFILE:
>> Tue Jun 9 10:51:49 2009: DEBUG: Handling with EAP: code 2, 9, 83, 21
>> Tue Jun 9 10:51:49 2009: DEBUG: Response type 21
>> Tue Jun 9 10:51:49 2009: DEBUG: EAP TTLS data, 3, 9, 8
>> Tue Jun 9 10:51:49 2009: DEBUG: TTLS Tunnelled Diameter Packet dump:
>> Code: UNDEF
>> Identifier: UNDEF
>> Authentic: UNDEF
>> Attributes:
>> User-Name = "phavekes at avans.nl"
>> User-Password = "xxxxxxxxxxxxxxxxx"
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Mike McCauley wrote:
>>>
>>> Hello Markus,
>>>
>>> On Monday 08 June 2009 08:43:10 pm Markus Moeller wrote:
>>>
>>>> Hi Mike,
>>>>
>>>> I can't see what has changed. Can you point me to which file
>>>> has changed
>>>> please ?
>>>>
>>>
>>> ServerTACACSPLUS.pm, about line 682.
>>>
>>> Cheers.
>>>
>>>
>>>> Thank you
>>>> Markus
>>>> ----- Original Message -----
>>>> From: "Mike McCauley" <mikem at open.com.au>
>>>> To: "Markus Moeller" <huaraz at moeller.plus.com>
>>>> Cc: <radiator at open.com.au>
>>>> Sent: Friday, June 05, 2009 11:26 PM
>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user password
>>>> whenusingtacacs+ and trace 4, 5
>>>>
>>>>
>>>>> Hello Markus,
>>>>>
>>>>> thanks for your note.
>>>>> Our analysis shows that the fix required was different to the one
>>>>> you
>>>>> sent.
>>>>> However, we have made the appropriate fix, and it is now
>>>>> available in the
>>>>> latest patch set.
>>>>> We apologise for any inconvenience.
>>>>>
>>>>> Please let me know how you get on.
>>>>> Cheers.
>>>>>
>>>>> On Saturday 06 June 2009 05:54:14 am Markus Moeller wrote:
>>>>>
>>>>>> Sorry it seems I overlooked another place where the TACACS
>>>>>> password is
>>>>>> logged in clear.
>>>>>>
>>>>>> Would it be possible to change in line 573 in
>>>>>> ServerTACACSPLUS.pm the
>>>>>> following:
>>>>>>
>>>>>> &main::log($main::LOG_DEBUG, "TACACSPLUS derived Radius
>>>>>> request
>>>>>> packet
>>>>>> dump:\n" . $tp->dump)
>>>>>> if (&main::willLog($main::LOG_DEBUG, $self->{parent}));
>>>>>>
>>>>>> to (or similar):
>>>>>>
>>>>>> my $dump = $tp->dump;
>>>>>> $dump =~ s/User-Password = .*\n/User-Password = XXX\n/g;
>>>>>> $dump =~ s/User-Password = .*$/User-Password = XXX/g;
>>>>>> &main::log($main::LOG_DEBUG, "TACACSPLUS derived Radius
>>>>>> request
>>>>>> packet
>>>>>> dump:\n" . $dump)
>>>>>> if (&main::willLog($main::LOG_DEBUG, $self->{parent}));
>>>>>>
>>>>>> Thank you
>>>>>> Markus
>>>>>>
>>>>>>
>>>>>>
>>>>>> ----- Original Message -----
>>>>>> From: "Markus Moeller" <huaraz at moeller.plus.com>
>>>>>> To: "Mike McCauley" <mikem at open.com.au>; <radiator at open.com.au>
>>>>>> Sent: Sunday, January 25, 2009 12:25 PM
>>>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user password
>>>>>> whenusingtacacs+ and trace 4, 5
>>>>>>
>>>>>>
>>>>>>> Thank you
>>>>>>> Markus
>>>>>>>
>>>>>>> ----- Original Message -----
>>>>>>> From: "Mike McCauley" <mikem at open.com.au>
>>>>>>> To: <radiator at open.com.au>
>>>>>>> Cc: "Markus Moeller" <huaraz at moeller.plus.com>
>>>>>>> Sent: Saturday, January 24, 2009 11:37 PM
>>>>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user password
>>>>>>> when
>>>>>>> usingtacacs+ and trace 4, 5
>>>>>>>
>>>>>>>
>>>>>>>> Hello Markus,
>>>>>>>>
>>>>>>>> On Thursday 22 January 2009 07:34:43 am Markus Moeller wrote:
>>>>>>>>
>>>>>>>>> Sorry, but what are your thoughts on this now ?
>>>>>>>>>
>>>>>>>> We have now made changes to Tacacs+ authentication so that the
>>>>>>>> plaintext
>>>>>>>> password is not logged, even at DEBUG level.
>>>>>>>>
>>>>>>>> The change is now in the latesst patch set.
>>>>>>>>
>>>>>>>> Thanks for your suggestion.
>>>>>>>>
>>>>>>>> Cheers.
>>>>>>>>
>>>>>>>>
>>>>>>>>> Thank you
>>>>>>>>> Markus
>>>>>>>>>
>>>>>>>>> ----- Original Message -----
>>>>>>>>> From: "Markus Moeller" <huaraz at moeller.plus.com>
>>>>>>>>> To: "Hugh Irvine" <hugh at open.com.au>
>>>>>>>>> Cc: <radiator at open.com.au>
>>>>>>>>> Sent: Thursday, January 15, 2009 8:30 PM
>>>>>>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user
>>>>>>>>> password when
>>>>>>>>> usingtacacs+ and trace 4, 5
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hugh,
>>>>>>>>>>
>>>>>>>>>> I am a bit surprised about your answer. One of the difference
>>>>>>>>>> between Tacacs+ and Radius is that Tacacs+ encrypts the whole
>>>>>>>>>> communication between the NAS device and the Tacacs server and
>>>>>>>>>> sends
>>>>>>>>>> all AV pairs in clear through the encrypted "tunnel" (The
>>>>>>>>>> same way
>>>>>>>>>> as
>>>>>>>>>> EAP-TLS does), whereas Radius uses clear text communication
>>>>>>>>>> with
>>>>>>>>>> an encrypted password
>>>>>>>>>> in the password AV pair. So when you dump the AV pairs for
>>>>>>>>>> Tacacs+
>>>>>>>>>> (and
>>>>>>>>>> EAP-TLS) it is after decrypting the tunnel, so it is all
>>>>>>>>>> visible.
>>>>>>>>>> When you dump the AV pairs with Radius you have still the
>>>>>>>>>> encrypted password.
>>>>>>>>>>
>>>>>>>>>> Here is a trace 4 output, where XXX is the password.
>>>>>>>>>>
>>>>>>>>>> Thu Jan 15 10:41:41 2009: DEBUG: TacacsplusConnection
>>>>>>>>>> Authentication
>>>>>>>>>> CONTINUE 0, markus,
>>>>>>>>>> Thu Jan 15 10:41:41 2009: DEBUG: TacacsplusConnection
>>>>>>>>>> Authentication
>>>>>>>>>> REPLY 5, 1, Password: ,
>>>>>>>>>> Thu Jan 15 10:41:43 2009: DEBUG: TacacsplusConnection
>>>>>>>>>> request 192,
>>>>>>>>>> 1,
>>>>>>>>>> 5,
>>>>>>>>>> 0, 3401247729, 14
>>>>>>>>>> Thu Jan 15 10:41:43 2009: DEBUG: TacacsplusConnection
>>>>>>>>>> Authentication
>>>>>>>>>> CONTINUE 0, XXX,
>>>>>>>>>> Thu Jan 15 10:41:43 2009: DEBUG: TACACSPLUS derived Radius
>>>>>>>>>> request
>>>>>>>>>> packet
>>>>>>>>>> dump:
>>>>>>>>>> Code: Access-Request
>>>>>>>>>> Identifier: UNDEF
>>>>>>>>>> Authentic: N<244>d]<242><195><216><219>X<176><253>
>>>>>>>>>> <19><127><137><183>
>>>>>>>>>> Attributes:
>>>>>>>>>> NAS-IP-Address = 10.1.3.1
>>>>>>>>>> NAS-Port-Id = "tty18"
>>>>>>>>>> Calling-Station-Id = "10.2.5.2"
>>>>>>>>>> Service-Type = Login-User
>>>>>>>>>> AuthType = tacacs
>>>>>>>>>> User-Name = "markus"
>>>>>>>>>> User-Password = XXX
>>>>>>>>>> DeviceType = generic
>>>>>>>>>> DeviceGroup = global
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Regards
>>>>>>>>>> Markus
>>>>>>>>>>
>>>>>>>>>> ----- Original Message -----
>>>>>>>>>> From: "Hugh Irvine" <hugh at open.com.au>
>>>>>>>>>> To: "Markus Moeller" <huaraz at moeller.plus.com>
>>>>>>>>>> Cc: <radiator at open.com.au>
>>>>>>>>>> Sent: Thursday, January 15, 2009 1:06 AM
>>>>>>>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user password
>>>>>>>>>> when using
>>>>>>>>>> tacacs+ and trace 4, 5
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Hello Markus -
>>>>>>>>>>>
>>>>>>>>>>> Can we first of all determine whether or not Radiator logs
>>>>>>>>>>> cleartext
>>>>>>>>>>> passwords?
>>>>>>>>>>>
>>>>>>>>>>> We don't think it does, but if we are wrong please correct
>>>>>>>>>>> us.
>>>>>>>>>>>
>>>>>>>>>>> Our reluctance has to do with the fact that a simple protocol
>>>>>>>>>>> sniffer will show you exactly the same thing as is shown by
>>>>>>>>>>> Radiator
>>>>>>>>>>> - ie. obfuscated passwords.
>>>>>>>>>>>
>>>>>>>>>>> Our reluctance is also due to the fact that a debug is
>>>>>>>>>>> meant to
>>>>>>>>>>> provide
>>>>>>>>>>> all of the information needed to fix problems - and the
>>>>>>>>>>> biggest
>>>>>>>>>>> problem
>>>>>>>>>>> tends to be with passwords.
>>>>>>>>>>>
>>>>>>>>>>> If you can show us that Radiator is logging cleartext
>>>>>>>>>>> passwords
>>>>>>>>>>> we will
>>>>>>>>>>> look at fixing it.
>>>>>>>>>>>
>>>>>>>>>>> If Radiator is logging the same packet data as shown by a
>>>>>>>>>>> sniffer, then
>>>>>>>>>>> we probably won't change anything.
>>>>>>>>>>>
>>>>>>>>>>> regards
>>>>>>>>>>>
>>>>>>>>>>> Hugh
>>>>>>>>>>>
>>>>>>>>>>> On 15 Jan 2009, at 08:38, Markus Moeller wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Sorry to be persistent, but I don't understand your
>>>>>>>>>>>> unwillingness to hide the password during trace. Let me
>>>>>>>>>>>> try to
>>>>>>>>>>>> explain again why
>>>>>>>>>>>> I need
>>>>>>>>>>>> it.
>>>>>>>>>>>>
>>>>>>>>>>>> We want to use Radiator as main Radius and Tacacs
>>>>>>>>>>>> authentication server which forwards the requests to our
>>>>>>>>>>>> central
>>>>>>>>>>>> Active Directory
>>>>>>>>>>>> for
>>>>>>>>>>>> password verification. The server will be maintained by an
>>>>>>>>>>>> operations
>>>>>>>>>>>> team of several people, who from time to time need to add
>>>>>>>>>>>> devices
>>>>>>>>>>>> and
>>>>>>>>>>>> troubleshoot issues. They are not always skilled enough
>>>>>>>>>>>> to know
>>>>>>>>>>>> what
>>>>>>>>>>>> trace level to use (e.g. 3,4 or higher (usually highest
>>>>>>>>>>>> is best
>>>>>>>>>>>> for them)), so they would see during troubleshooting user
>>>>>>>>>>>> passwords which
>>>>>>>>>>>> possibly go into log files. Our internal audit would not
>>>>>>>>>>>> accept
>>>>>>>>>>>> such a
>>>>>>>>>>>> solution. They are saying "You don't leave your cash
>>>>>>>>>>>> openly on
>>>>>>>>>>>> your desk in the office. You will put it in the drawer
>>>>>>>>>>>> even if
>>>>>>>>>>>> it
>>>>>>>>>>>> is unlocked to avoid any temptation." It is not against
>>>>>>>>>>>> malicious
>>>>>>>>>>>> users
>>>>>>>>>>>> as we know there are always ways to get around for
>>>>>>>>>>>> privileged
>>>>>>>>>>>> users,
>>>>>>>>>>>> but they have to actively break rules to get to passwords.
>>>>>>>>>>>>
>>>>>>>>>>>> A custom solution is also not acceptable as any patch need
>>>>>>>>>>>> to be
>>>>>>>>>>>> verified against the changes etc....
>>>>>>>>>>>>
>>>>>>>>>>>> Could you reconsider your answer ?
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you
>>>>>>>>>>>> Markus
>>>>>>>>>>>>
>>>>>>>>>>>> ----- Original Message ----- From: "Hugh Irvine"
>>>>>>>>>>>> <hugh at open.com.au>
>>>>>>>>>>>> To: "Markus Moeller" <huaraz at moeller.plus.com>
>>>>>>>>>>>> Cc: <radiator at open.com.au>
>>>>>>>>>>>> Sent: Wednesday, January 14, 2009 7:02 AM
>>>>>>>>>>>> Subject: Re: [RADIATOR] (RADIATOR) Patch to hide user
>>>>>>>>>>>> password
>>>>>>>>>>>> when
>>>>>>>>>>>> using tacacs+ and trace 4, 5
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Markus -
>>>>>>>>>>>>>
>>>>>>>>>>>>> All I can suggest is your own custom code.
>>>>>>>>>>>>>
>>>>>>>>>>>>> regards
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hugh
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 14 Jan 2009, at 10:57, Markus Moeller wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I still would like to see the password hidden during
>>>>>>>>>>>>>> debug.
>>>>>>>>>>>>>> What
>>>>>>>>>>>>>> would convince you to include it ?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> ----- Original Message ----- From: "Markus Moeller"
>>>>>>>>>>>>>> <huaraz at moeller.plus.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> To: "Bjoern A. Zeeb" <bz-lists at cksoft.de>
>>>>>>>>>>>>>> Cc: <radiator at open.com.au>
>>>>>>>>>>>>>> Sent: Monday, March 10, 2008 1:11 AM
>>>>>>>>>>>>>> Subject: Re: (RADIATOR) Patch to hide user password when
>>>>>>>>>>>>>> using
>>>>>>>>>>>>>> tacacs + and trace 4,5
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Sun, 9 Mar 2008, Markus Moeller wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The User-Password attribute is encoded when Radius is
>>>>>>>>>>>>>>>>> used
>>>>>>>>>>>>>>>>> and
>>>>>>>>>>>>>>>>> the logging with trace 4 or 5 does not reveal the
>>>>>>>>>>>>>>>>> password.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You mean the password is ot revealed because it is
>>>>>>>>>>>>>>>> "mangled/
>>>>>>>>>>>>>>>> obfucated"?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Yes
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You know the authenticator, you know the secret thus you
>>>>>>>>>>>>>>>> know the
>>>>>>>>>>>>>>>> plaintext password when looking at your tracelevel 4
>>>>>>>>>>>>>>>> logs.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I also forward messages with syslog to a central syslog
>>>>>>>>>>>>>>> server for
>>>>>>>>>>>>>>> monitoring (although ususally not with trace 4,5 but can
>>>>>>>>>>>>>>> happen
>>>>>>>>>>>>>>> when debugging)
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If you say, but if joe random on that machine sees the
>>>>>>>>>>>>>>>> logs
>>>>>>>>>>>>>>>> he
>>>>>>>>>>>>>>>> doesn't
>>>>>>>>>>>>>>>> know the secret, then it's a matter of the
>>>>>>>>>>>>>>>> ownership/permissions of your logfiles as it would be of
>>>>>>>>>>>>>>>> your radius configuration.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I may have logfiles readable for operators but not the
>>>>>>>>>>>>>>> clients file
>>>>>>>>>>>>>>> with the secrects
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> A tracelevel > 3 is there for aiding in debugging and
>>>>>>>>>>>>>>>> it's
>>>>>>>>>>>>>>>> pretty
>>>>>>>>>>>>>>>> obvious that you can get a lot of information that way
>>>>>>>>>>>>>>>> to
>>>>>>>>>>>>>>>> find
>>>>>>>>>>>>>>>> a problem. That's how the system is designed to work.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> True, but for example the radius code has also a section
>>>>>>>>>>>>>>> commented
>>>>>>>>>>>>>>> to not log the cleartext password.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> just my 2cts.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thank you
>>>>>>>>>>>>>>> Markus
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Dipl. Ing. (BA) Bjoern A. Zeeb Research &
>>>>>>>>>>>>>>>> Development
>>>>>>>>>>>>>>>> CK Software GmbH
>>>>>>>>>>>>>>>> http://www.cksoft.de/ Schwarzwaldstr. 31
>>>>>>>>>>>>>>>> Phone: +49 7452 889 135
>>>>>>>>>>>>>>>> D-71131 Jettingen Fax: +49 7452
>>>>>>>>>>>>>>>> 889
>>>>>>>>>>>>>>>> 136 HRB245288, Amtsgericht Stuttgart
>>>>>>>>>>>>>>>> Geschaeftsfuehrer: Christian Kratzer
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>>> radiator mailing list
>>>>>>>>>>>>>> radiator at open.com.au
>>>>>>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>>>>>>>>
>>>>>>>>>>>>> NB:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>>>>>>>>> Have you searched the mailing list archive
>>>>>>>>>>>>> (www.open.com.au/archives/radiator)?
>>>>>>>>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>>>>>>>>> Have you included a copy of your configuration file (no
>>>>>>>>>>>>> secrets),
>>>>>>>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>>>>>>> Have you checked the RadiusExpert wiki:
>>>>>>>>>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Radiator: the most portable, flexible and configurable
>>>>>>>>>>>>> RADIUS
>>>>>>>>>>>>> server
>>>>>>>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>>>>>>>> Includes support for reliable RADIUS transport (RadSec),
>>>>>>>>>>>>> and DIAMETER translation agent.
>>>>>>>>>>>>> -
>>>>>>>>>>>>> Nets: internetwork inventory and management - graphical,
>>>>>>>>>>>>> extensible,
>>>>>>>>>>>>> flexible with hardware, software, platform and database
>>>>>>>>>>>>> independence.
>>>>>>>>>>>>> -
>>>>>>>>>>>>> CATool: Private Certificate Authority for Unix and Unix-
>>>>>>>>>>>>> like
>>>>>>>>>>>>> systems.
>>>>>>>>>>>>>
>>>>>>>>>>> NB:
>>>>>>>>>>>
>>>>>>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>>>>>>> Have you searched the mailing list archive
>>>>>>>>>>> (www.open.com.au/archives/radiator)?
>>>>>>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>>>>>>> Have you included a copy of your configuration file (no
>>>>>>>>>>> secrets),
>>>>>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>>>>> Have you checked the RadiusExpert wiki:
>>>>>>>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>>>>>>>> server
>>>>>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>>>>>> Includes support for reliable RADIUS transport (RadSec),
>>>>>>>>>>> and DIAMETER translation agent.
>>>>>>>>>>> -
>>>>>>>>>>> Nets: internetwork inventory and management - graphical,
>>>>>>>>>>> extensible,
>>>>>>>>>>> flexible with hardware, software, platform and database
>>>>>>>>>>> independence. -
>>>>>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>>>>>> systems.
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> radiator mailing list
>>>>>>>>>> radiator at open.com.au
>>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> radiator mailing list
>>>>>>>>> radiator at open.com.au
>>>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Mike McCauley mikem at open.com.au
>>>>>>>> Open System Consultants Pty. Ltd
>>>>>>>> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>>>>>>>> http://www.open.com.au Phone +61 7 5598-7474
>>>>>>>> Fax +61 7 5598-7070
>>>>>>>>
>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>>>>> server
>>>>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
>>>>>>>> Emerald,
>>>>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory,
>>>>>>>> EAP,
>>>>>>>> TLS,
>>>>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, DIAMETER etc. Full source
>>>>>>>> on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> radiator mailing list
>>>>>>> radiator at open.com.au
>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>>
>>>>> --
>>>>> Mike McCauley mikem at open.com.au
>>>>> Open System Consultants Pty. Ltd
>>>>> 9 Bulbul Place Currumbin Waters QLD 4223 Australia
>>>>> http://www.open.com.au
>>>>> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>>>>>
>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>> server
>>>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
>>>>> Emerald,
>>>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory,
>>>>> EAP, TLS,
>>>>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full
>>>>> source
>>>>> on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>>>>>
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------------
>> Op deze e-mail zijn de volgende voorwaarden van toepassing:
>> The following conditions apply to this e-mail:
>> http://emaildisclaimer.avans.nl
>> ---------------------------------------------------------------------------
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
More information about the radiator
mailing list