Question about cui.post-auth in FR 3
Alan DeKok
aland at deployingradius.com
Tue Jul 8 14:54:48 CEST 2014
Stefan Paetow wrote:
> Alan,
>
> Would you want to throw the User-Name out even if no CUI was generated? Because that's certainly the current behaviour (and bolloxed up some testing here).
Yes. Because the CUI is supposed to be an opaque user identifier.
The User-Name is a non-opaque user identifier.
So... handing out User-Name means that you've just told everyone who
the user is. Which means the secrecy added by CUI is pointless.
Alan DeKok.
More information about the Freeradius-Users
mailing list