[Bug-gnu-radius] patchinfo: 2170 Tunnel-Password attribute encryption (R

From: Maurice Makaay
Subject: [Bug-gnu-radius] patchinfo: 2170 Tunnel-Password attribute encryption (RFC2868 par. 3.5)
Date: Wed, 29 Oct 2003 22:54:20 +0100

2170 Tunnel-Password attribute encryption (RFC2868 par. 3.5)
We are using a setup according to RFC2868 ("RADIUS Attributes for
Tunnel Protocol Support", included in the gnu-radius distribution as
doc/rfc/rfc2868.txt). This RFC is not fully supported by gnu-radius.
The Tunnel-Password attribute is always sent in clear text. This
is not correct (see paragraph 3.5). This patch adds attribute
encryption following the RFC. I only implemented encryption. I do not
know if it makes sense to also implement decryption (maybe in a proxy
setup?). If you have comments on the need of a decryption algorithm,
please let me know and I'll look into it.

Implementation details:
For the patch, I created a new dictionary attribute flag 'T'
(for Tunnel), which internally sets the AP_RFC2868_CRYPT property
for dictionary items. Just before sending out a radius reply packet,
the server loops through the reply pairs to see if any of them
has the AP_RFC2868_CRYPT property set. If yes, the clear text password
which is stored in the pair is encrypted by calling the function

With kind regards,

Maurice Makaay
InterNLnet BV
The Netherlands
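
The RFC 2868 section 3.5 encoding that the message refers to, as an added Python example (not the patch's code and not gnu-radius code). The function names and sample values are assumptions, and the decryption half goes beyond what the patch implements.

```python
import hashlib
import os

def encrypt_tunnel_password(password, secret, request_auth, salt=None):
    """Return Salt + String (RFC 2868 section 3.5); Tag octet not included."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    # Attribute value is at most 253 octets: Tag(1) + Salt(2) + String(<=240)
    if len(password) > 239:
        raise ValueError("password does not fit in one attribute")
    salt = bytearray(salt if salt is not None else os.urandom(2))
    if len(salt) != 2:
        raise ValueError("Salt must be 2 octets")
    salt[0] |= 0x80  # most significant bit of the Salt must be set
    salt = bytes(salt)
    # Plaintext: Data-Length octet, password, zero padding to a 16-octet multiple
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % 16)
    out, prev = b"", request_auth + salt  # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), 16):
        pad = hashlib.md5(secret + prev).digest()  # b(i) = MD5(S + c(i-1))
        prev = bytes(p ^ k for p, k in zip(plain[i:i + 16], pad))
        out += prev
    return salt + out

def decrypt_tunnel_password(value, secret, request_auth):
    """Inverse of the above, as a receiving client or proxy would apply it."""
    salt, cipher = value[:2], value[2:]
    if not cipher or len(cipher) % 16:
        raise ValueError("malformed Tunnel-Password value")
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = cipher[i:i + 16]
        plain += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    if plain[0] > len(plain) - 1:
        raise ValueError("bad Data-Length: wrong secret or authenticator?")
    return plain[1:1 + plain[0]]

if __name__ == "__main__":
    # Constructed sample values, not taken from the patch or a real server
    secret, auth = b"constructed-secret", bytes(range(16))
    value = encrypt_tunnel_password(b"s3cret", secret, auth)
    print(value.hex(), decrypt_tunnel_password(value, secret, auth))
```

The Salt travels in the clear at the front of the value and the keystream depends on the Request Authenticator, so the same password encrypts differently in every reply.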