[RADIATOR] Radiator 4.22 issue with clients secret
Heikki Vatiainen
hvn at open.com.au
Fri Mar 1 19:07:20 UTC 2019
On 28.2.2019 17.24, Dubravko Penezic wrote:
> I run latest version of Radiator and found that Radiator doesnt check if
> IP and secret match for client. Any good reason for that ?
Secret is checked for Access-Request message only when it contains
Message-Authenticator attribute. If this attribute is not present, there
is nothing that can be used to check the secret.
In this case, for example plain PAP authentication, what happens is that
the User-Password attribute can not be decrypted to its correct
submitted value, and authentication will fail with 'Bad password' message.
In short, it depends on RADIUS message type and for Access-Request, its
contents if secret can be used to check that it matches.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
More information about the radiator
mailing list