I'm looking through RFCs 2865 and 5080, and I can't really find anything specific on the format of the shared secret. Must it be pure ASCII, or can it be a hex string? Is there a maximum length (I found the minimum length recommendation)? These have to do with the specifics of the client that I'm developing using the FreeRADIUS client lib. Thanks, ScottN
Scott Neugroschl wrote:
I'm looking through RFCs 2865 and 5080, and I can’t really find anything specific on the format of the shared secret.
The standards are silent on a lot of topics.
Must it be pure ASCII, or can it be a hex string? Is there a maximum length (I found the minimum length recommendation)?
There are no format or length limitations on the shared secret.
These have to do with the specifics of the client that I'm developing using the FreeRADIUS client lib.
It's usually implementation-specific. ASCII strings are a good start. Alan DeKok.
Alan DeKok wrote: Scott Neugroschl wrote:
I'm looking through RFCs 2865 and 5080, and I can’t really find anything specific on the format of the shared secret.
The standards are silent on a lot of topics.
Bloody pain, isn't it?
Must it be pure ASCII, or can it be a hex string? Is there a maximum length (I found the minimum length recommendation)?
There are no format or length limitations on the shared secret.
These have to do with the specifics of the client that I'm developing using the FreeRADIUS client lib.
It's usually implementation-specific. ASCII strings are a good start.
Thanks for the info, Alan. ScottN
I also have a question about shared secret. Namely: how do I get the freeRADIUS client to support shared secrets larger than 48 characters? I tried increasing the size of MAX_SECRET_LENGTH in freeradius-client.h but this did not help. It is possible that fitting the client into our embedded environment, I may have broken something but I tested radclient (against microsoft 2008 server) and it didn't work either. Any ideas? Regards, Adam. Scott Neugroschl wrote:
I'm looking through RFCs 2865 and 5080, and I can't really find anything specific on the format of the shared secret.
Must it be pure ASCII, or can it be a hex string? Is there a maximum length (I found the minimum length recommendation)?
These have to do with the specifics of the client that I'm developing using the FreeRADIUS client lib.
Thanks,
ScottN
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- View this message in context: http://old.nabble.com/Shared-Secret-questions.-tp28952008p28963872.html Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Adam Lewis wrote:
I also have a question about shared secret. Namely: how do I get the freeRADIUS client to support shared secrets larger than 48 characters? I tried increasing the size of MAX_SECRET_LENGTH in freeradius-client.h but this did not help. It is possible that fitting the client into our embedded environment, I may have broken something but I tested radclient (against microsoft 2008 server) and it didn't work either.
I'm going to be looking into this as well. I'm planning on trying to extend it to 256 bytes, just in case. I'm also going to be looking at the handling of the State attribute in rc_avpair_tostr(), since it's not necessarily a NUL terminated ASCII string; but rather a length/octet-string combo. That latter is a heads up to Alan, so he'll know that it might be coming down the road. ScottN
Scott Neugroschl wrote:
I'm going to be looking into this as well. I'm planning on trying to extend it to 256 bytes, just in case.
There isn't a lot of equipment that supports a shared secret longer than 64 characters.
I'm also going to be looking at the handling of the State attribute in rc_avpair_tostr(), since it's not necessarily a NUL terminated ASCII string; but rather a length/octet-string combo.
It's definitely an octet string with a specific length. Alan DeKok.
Adam Lewis wrote:
I also have a question about shared secret. Namely: how do I get the freeRADIUS client to support shared secrets larger than 48 characters? I tried increasing the size of MAX_SECRET_LENGTH in freeradius-client.h but this did not help. It is possible that fitting the client into our embedded environment, I may have broken something but I tested radclient (against microsoft 2008 server) and it didn't work either.
radclient has *no* limit on the length of the shared secret. Alan DeKok.
Sorry Alan, you're quite right. I made the assumption that if the microsoft 2008 server accepted long shared secrets, it *didn't* truncate them. It does. Having now retested against WinRadius - another freely available RADIUS server, both radclient and my embedded client (with the change to MAX_SECRET_LENGTH) appear to work. Thanks, Adam. Alan DeKok-2 wrote:
Adam Lewis wrote:
I also have a question about shared secret. Namely: how do I get the freeRADIUS client to support shared secrets larger than 48 characters? I tried increasing the size of MAX_SECRET_LENGTH in freeradius-client.h but this did not help. It is possible that fitting the client into our embedded environment, I may have broken something but I tested radclient (against microsoft 2008 server) and it didn't work either.
radclient has *no* limit on the length of the shared secret.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- View this message in context: http://old.nabble.com/Shared-Secret-questions.-tp28952008p28970862.html Sent from the FreeRadius - Dev mailing list archive at Nabble.com.
Adam Lewis wrote:
Alan DeKok wrote:
radclient has *no* limit on the length of the shared secret.
Sorry Alan, you're quite right. I made the assumption that if the microsoft 2008 server accepted long shared secrets, it *didn't* truncate them. It does. Having now retested against WinRadius - another freely available RADIUS server, both radclient and my embedded client (with the change to MAX_SECRET_LENGTH) appear to work.
Thanks to both of you guys. I'll keep that in mind.
participants (3)
-
Adam Lewis -
Alan DeKok -
Scott Neugroschl