Hello Alan, Thanks again for your previous responses. I have attempted to set the encrypt=1 attribute in the vendor dictionary, but it is only decrypting the first 128 bytes of the message. The message I am attempting to decrypt is larger than 128 bytes. After reading the RFC2865 section 5.2, I see that password decryption is limited to 128 bytes. Unfortunately, our vendor will not change how they are doing things, so I'm rather stuck. I have all the relevant code written in my Perl module to decrypt values larger than 128 bytes, but I simply don't have access to the RADIUS authenticator (random nonce value) outside of the RAD_REQUEST hash. Are there any configuration options available to change the maximum decryption length to greater than 128 bytes or any way for me to retrieve the RADIUS authenticator inside my Perl script? I suppose worst case scenario would be to downgrade to an older version where I can retrieve the %V expansion parameter mentioned earlier. I'd hate to do that though. Thanks for any help, Brandon On Wed, Nov 15, 2023 at 6:12 AM Alan DeKok <aland@deployingradius.com> wrote:
On Nov 15, 2023, at 12:58 AM, Brandon Miller <webasdf@gmail.com> wrote:
Thanks for the reply. I am in need of the request authenticator because of the way a VSA is coming across. When you said that FreeRADIUS should decrypt any encrypted attributes, it got me thinking. I remembered that our vendor said they use rfc2865 to encrypt this attribute. I am about to go to bed for the night and just connected the dots. I checked the dictionary file and I do not see the encrypt=1 clause in there for this attribute. I'll give that a try tomorrow.
Exactly.
Please also send over updates to any dictionaries, so that other people don't run into the same problem.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html