[RADIATOR] Radiator 4.22 issue with clients secret

Heikki Vatiainen hvn at open.com.au
Fri Mar 1 19:07:20 UTC 2019


On 28.2.2019 17.24, Dubravko Penezic wrote:

> I run the latest version of Radiator and found that Radiator doesn't check if
> IP and secret match for client. Any good reason for that?

The secret is checked for an Access-Request message only when it contains
the Message-Authenticator attribute. If this attribute is not present, there
is nothing that can be used to check the secret.

In this case, for example plain PAP authentication, what happens is that
the User-Password attribute cannot be decrypted to its correct
submitted value, and authentication will fail with a 'Bad password' message.

In short, whether the secret can be checked for a match depends on the
RADIUS message type and, for Access-Request, on its contents.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
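
The behaviour described in the reply above, shown as an added example that is not part of the original message and is not Radiator code: a stand-alone model of RFC 2865 User-Password hiding and the RFC 2869 Message-Authenticator check. With mismatched secrets, a plain PAP request only yields a wrong password, while a request carrying Message-Authenticator yields a detectable mismatch. All function names, secrets and credentials are constructed for illustration.

```python
import hashlib, hmac, struct

def pap_crypt(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: XOR with chained MD5(secret + prev)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        out += res
        prev = block if decrypt else res  # chaining always uses the ciphertext block
    return out

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, authenticator, with_ma):
    """Client side: PAP Access-Request, optionally with Message-Authenticator (80)."""
    padded = password.ljust(max(1, -(-len(password) // 16)) * 16, b"\x00")
    attrs = attr(1, user) + attr(2, pap_crypt(padded, secret, authenticator))
    if with_ma:
        attrs += attr(80, b"\x00" * 16)  # zeroed placeholder, kept as last attribute
    pkt = struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs
    if with_ma:  # RFC 2869 5.14: HMAC-MD5 over the packet with the value zeroed
        pkt = pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt

def check_request(pkt, secret):
    """Server side: return (secret verdict, password as recovered with `secret`)."""
    authenticator, found, i = pkt[4:20], {}, 20
    while i < len(pkt):  # walk the type/length/value attributes
        found[pkt[i]] = (i + 2, pkt[i + 2:i + pkt[i + 1]])
        i += pkt[i + 1]
    verdict = "not checkable"  # no integrity value to verify the secret against
    if 80 in found:
        off, mac = found[80]
        zeroed = pkt[:off] + b"\x00" * 16 + pkt[off + 16:]
        good = hmac.new(secret, zeroed, hashlib.md5).digest()
        verdict = "match" if hmac.compare_digest(mac, good) else "mismatch"
    recovered = pap_crypt(found[2][1], secret, authenticator, decrypt=True)
    return verdict, recovered.rstrip(b"\x00")

# Constructed sample values, not taken from the thread.
RA = bytes(range(16))
NAS_SECRET, SERVER_SECRET = b"nas-side-secret", b"server-side-secret"
for with_ma in (False, True):
    pkt = build_access_request(b"alice", b"correct horse", NAS_SECRET, RA, with_ma)
    print(with_ma, check_request(pkt, SERVER_SECRET))
```
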

