Bjørn Mork wrote:
I just stumbled across this which made me worry a bit: ... The reason I'm worrying is dictionary.erx, where I know there are other types (integer, octets and ipaddress) with "encrypt=2" set.
Yes, but the commit has a typo.
And the second issue that made me worry: Why didn't I (and everybody else) hit that by default in ictionary.erx? Well, it seems that FLAG_ENCRYPT_ASCEND_SECRET isn't really 2 as the above made me believe. It is 3. 2 is of course FLAG_ENCRYPT_TUNNEL_PASSWORD.
Yes.
But if it's a typo, then why repeat it in the commit message as well? Was this an attempt to disable other encryption types that FLAG_ENCRYPT_TUNNEL_PASSWORD for other attribute types that strings? Or what exactly was the above trying to fix?
Anyway: Please don't disable tunnel-password encryption of non-string attributes. It works, and it *is* in use.
It's a typo. The real message is about "encrypt=3" Alan DeKok.