Modifying EAP Messages

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Mon Mar 16 22:56:19 CET 2009


Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> Doesn't PEAPv0 allow you to insert arbitrary TLVs into the inner
>> tunnel? Isn't that how Microsoft do their NAC stuff?
>
> Sort of.
>

A magical check box appeared in the XP SP3 and Vista supplicant
'Enable Quarantine Checks'. It'd be a huge win if FR could expose
these values so that they were usable for policy decisions.

I know it's all icky icky Microsoft, but until a giant Apple appears
over Redmond...

>> I was pondering over this the other day, thinking how hard it
>> would be to decode the TLVs included by the Windows default
>> supplicant, and expose them as standard attributes...
>
> I have code somewhere from someone claiming to do this.  It's for a
>  *very* old version of the server, and it's not that good code.
>
> We'll see how it goes.

Hmm, could you sling it over my way as well? I'm interested to see
what constitutes bad code in C.

Thanks,
Arran




More information about the Freeradius-Users mailing list