David Mitchell <mitchell@ucar.edu> wrote:
1) Our tokens display the response in so-called 'phone number' formatting. FreeRadius knows about 4 different CryptoCard formattings according to x99passwd.sample: d7, d8, h7 and h8. Where a response would be formatted as '12345678' in d8 and '1235678' in d7, our tokens display '123-5678'. I was thinking I would either add a new CC encoding setting or modify the module to ignore dashes. But if there is another way I'd love to hear it.
I'd add a new encoding.
2) The X99 module, if it is performing a resync, generates a State attribute which the authenticating device is expected to return unadultered in the response packet. However, the value includes NULL values in the middle of it. Our Cisco devices (both IOS and CatalystOS) appear to be using strcpy()
Yuck. That's a direct violation of the RFC's.
or something similar to copy the State attribute and only return the value up to the embedded NULL as a result. Code already exists in the module to generate an ASCII state value, and I was planning on changing the module so that the ASCII value was always used. My reading of the relevant RFC tells me that this is in fact a Cisco bug, but I have not had good luck in the past convincing Cisco that my interpretation of RFC's is more correct than theirs.
File a bug on bugs.freeradius.org that their implementation is broken. Maybe that will get their attention.
If you know of a way to work around these without hacking on the code, I'd appreciate knowing about it. Or if you have an opinion about how to best fix the above issues in the code, I'd be interested in that as well. Thanks in advance,
For the state problem, just print an ascii state. Alan DeKok.