-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Clouter wrote:
A.L.M.Buxey@lboro.ac.uk wrote:
No one in London wants to go to Sussex though and from my logs it does not look like anyway from Sussex wants to go to London either ;)
If someone gives me something better to use in my RADIUS packets then I'm game. Meanwhile I keep meaning to glue 'exec' and 'fortune' together and see if anyone notices. I've been having a lok at such packets on the national proxy and wonder if its because people are just blamming a reply-message in at an wrong stage...eg during Auth? would a default entry in use users file or SQL group reply table cause such wrongness? most likely.
I have an entry in my 'users' file for if people insist on sending their username without a realm ... hmm that's pretty standard behaviour. We don't require FQUNs either. Though I have no idea why you still insist on using user files for policies. There's this new fangled policy language you know :P or mix inner/outer domains, <insert other braindead-ness>. It's more for me whilst looking through my SQL logs, however I also slip into my Reply-Message a comment if the authentication attempt was against a test (non-production use) account.
Yeah that's fine... Just strip out the Reply-Message before you send the packet.
crack-pipe question of the day:
could reply messages be used with some smart server-end code to provide a data communication channel? ie user A has code that attempts to use EAP with special username coding...the remote server is designed to throw responses in EAP messages...which the modified supplicant on the client can then extract? this could tunnel traffic through an 802.1X restricted network? in fact, is the inner EAP traffic limited at all? once the authentication outer layer is started i should be able to just keep throwing data back/forward through that tube?
Wait are you talking about something really quite evil here? Like using EAP as a VPN tunnel ?!?!
Arran -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkorEF8ACgkQcaklux5oVKICSwCcCga36CjkrqGqbrr3YCyQGFfk LRkAoIIMlDiuHXHBPfamcwSCkpKf5KYs =w7Az -----END PGP SIGNATURE-----