salt-encrypted VSAs?
Bjørn Mork
bjorn at mork.no
Fri Aug 26 13:05:39 CEST 2005
"Alan DeKok" <aland at ox.org> writes:
> =?iso-8859-1?Q?Bj=F8rn_Mork?= <bjorn at mork.no> wrote:
>> My problem seems to be that FreeRADIUS will only encrypt string or
>> octet values, while Juniper has defined salt encrypted integer and
>> ipaddr VSAs too.
>
> Try setting "encrypt=2" for attribute 59. That should work there.
Yup. Thanks. I should have seen that 2 was the correct method.
> For the non-string attributes, it may be possible to patch
> src/lib/radius.c to decrypt them, too. I wouldn't be surprised if the
> patch was only a few lines.
>
> But either you need C experience to write the patch, or you need to
> supply the packet data to someone who can write the patch.
This seems to do the job:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff.txt
Type: text/x-patch
Size: 1223 bytes
Desc: encrypted integer hack
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050826/4f6529c8/attachment.bin>
-------------- next part --------------
Any chance of getting something like this into the 1.0 branch, or
should I prepare a nicer patch for CVS HEAD instead?
There is also this dictionary update to go with it, but it's pretty
useless without the patch:
-------------- next part --------------
Bj?rn
More information about the Freeradius-Users
mailing list