[Serdev] auth_radius module problems in pre39
Jan Janak
jan at iptel.org
Tue Jul 8 19:59:05 UTC 2003
Maxim,
I'll comment on it on Thursday, I am terribly busy now.
Jan.
On 08-07 22:58, Maxim Sobolev wrote:
> Folks,
>
> Following is the list of problems we encountered in the auth_radius
> module found in the 0.8.11pre39 snapshot:
>
> 1. Nonce validation apparently doesn't work. I've verified that the
> nonce in the client's authenticated request is the same as the one sent by ser
> in the Unauthorized reply, but check_nonce() fails, I am getting
> "Invalid nonce value received, very suspicious" in the log and the auth
> fails. I've commented out the check_nonce() call and it now works like a charm.
>
> 2. For some unclear reason, the auth module now compares the hostname in the
> request URI with the realm provided in the appropriate auth header and
> rejects auth if they do not match. This basically makes the realm argument
> in *_challenge() and *_authorize() functions totally useless as the user
> will be unable to select anything but SER's IP or SER's hostname there.
> IMO this restriction has to be removed or at least conditionalised on
> some config variable.
>
> My auth-related config looks like the following, I did not set any
> auth-related parameters in the config (secret and so on), leaving them
> on their default values.
>
> if (!radius_www_authorize("")) {
>     www_challenge("", "0");
>     break;
> };
>
>
> Thanks!
>
> -Maxim
>
> _______________________________________________
> Serdev mailing list
> serdev at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serdev