On Mon, 23 Sep 1996, MegaZone wrote:
> Once upon a time Matthew N. Dodd shaped the electrons to say...
> >Just try running stock Livingston radius with your Ascend hardware (or any
> >other hardware that expects authenticated ACKs).
>
> The rather important point you fail to mention is that when 1.16 was written
> the protocol did not call for authenticated ACKs. That was added by the
> working group long after 1.16 was released. So *of course* 1.16 doesn't deal
> with them.
>
> RADIUS 2.0 is our first major revision since that change and it does the
> authentication on ACKs.
>
> -MZ
Really? When I looked at the code the 1.16 code was doing authenticated
ACKs, it just wasn't looking up the secret so it was using a NULL secret
to authenticate with. All in all a pretty good design, `:+). A quick
one-liner was all that was need to add the ACK authentication.
IMHO, the big thing I'd like to see improved in the portmasters is
their SNMP interface. It would be really nice to use SNMP to find out
who's logged in, what their Session-Id is, how many seconds they've been
on, etc. That would be a powerful supplement to the radacct Stop packets.
The MIB-II they support now just isn't up to the task of a Terminal
Server.
- ----------------------------------------------------------------------------
Steven P. Crain scrain@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Finger me for a public key.
iQB1AwUBMkgAso0DAXSiDippAQFQbwMAjeuKl3v4HXi+Hf9+lO9G3n9oxeRuLwfl
dLLdHGKqfq0jPzEwQ/Sl34NL4MsBlWRnzuELrhFp7DSH3IcP3QbViOqiZfzVqSCO
XRKpoUhymY9F78lh7ZBwTIpasIDVRqfN
=BOwD
-----END PGP SIGNATURE-----