Re: Radius & Logoff (fwd)
ywliu (team_fbf@asiaonline.net.tw)
Thu, 6 Jun 1996 12:21:22 +0000
>
> Once upon a time ywliu shaped the electrons to say...
> >While I was hacking the RADIUS daemons (1.16 or Merit 2.23) to meet our
> >customized needs, I found that, unlike TACACS or ERPCD, RADIUS doesn't seem
> >to support user logout authentication, i.e. when a user logs out from the
>
> Why in the blue blazes would you want to authenticate on logout?
>
> "Hey, is that you Bob? It'd better be you or I'm not going to let you
> logout!"
>
Of course we cannot prevent a user from logging out. But I think about a
possible situation: I connect to the server and then fake a logout
message to the RADIUS server. Then what happens? I can still be on-line
and the program handling user billing, using the accounting logs generated
by RADIUS, thinks I am off-line. So, chances are the users can get cheaper
service. Also, I think that's why TACACS and ERPCD treat logout as another
auth request.
Am I worrying too much?
Yen-Wei Liu
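
The following is an added example, not part of the original message or of any RADIUS daemon's code: a sketch of how an accounting server can reject the forged logout described above by checking the Request Authenticator that RFC 2866 (published after this thread) defines for Accounting-Request packets. The shared secret, user name, session id and function names are constructed for illustration.

```python
import hashlib, hmac, struct

ACCOUNTING_REQUEST = 4   # RADIUS packet code (RFC 2866)
ACCT_STATUS_TYPE = 40    # attribute type
STATUS_STOP = 2          # Acct-Status-Type value for Stop

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def sign_request(identifier, attributes, secret):
    """NAS side: authenticator = MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(attributes))
    digest = hashlib.md5(header + bytes(16) + attributes + secret).digest()
    return header + digest + attributes

def authenticator_ok(packet, secret):
    """Server side: recompute the digest and compare in constant time."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def is_stop(packet):
    """Walk the attribute list looking for Acct-Status-Type = Stop."""
    length = struct.unpack("!H", packet[2:4])[0]
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False  # malformed attribute
        if a_type == ACCT_STATUS_TYPE and a_len == 6:
            return struct.unpack("!I", packet[pos + 2:pos + 6])[0] == STATUS_STOP
        pos += a_len
    return False

def handle(packet, secret):
    """Only an authenticated Stop may close a billing session."""
    if not authenticator_ok(packet, secret):
        return "dropped"
    return "session closed" if is_stop(packet) else "recorded"

# Constructed sample data.
SECRET = b"constructed-shared-secret"
ATTRS = attr(1, b"bob") + attr(ACCT_STATUS_TYPE, struct.pack("!I", STATUS_STOP)) + attr(44, b"0001")
GENUINE = sign_request(7, ATTRS, SECRET)   # sent by the NAS
FORGED = sign_request(7, ATTRS, b"guess")  # sender does not know the secret
```

The check shows only that the sender holds the NAS shared secret; it does not by itself reject a replayed copy of a genuine packet.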