Fco. Javier Melero wrote:
I've got an LDAP attribute mapped into user-password RADIUS attribute. This attribute is RSA-ciphered
And why would you do that? It's completely useless.
so RADIUS have to deciphered it when it arrives in order to use it for authentication. The problem arise when I try to use an RSA key pretty much longer than 1400 bytes, because the resulting value exceed the 253 bytes RADIUS specification length limit. My questions are:
Is this size limit mandatory even when this RADIUS attribute is never put on the wire?
In the current implementation of the server, yes.
If so, could anybody point a way which allow me to use longer RSA keys?
Run a separate program to connect to LDAP, obtain the password, and decrypt it. Alan DeKok.