14 Feb
2006
14 Feb
'06
11:02 a.m.
Susana Macias <susana_macias12@yahoo.es> wrote:
I would like to know too, Alan
I am only a developer... . And here anyone explains me anything :-(.
Then tell them I said it's a bad idea to put User-Password into Access-Accept. There are probably better ways of doing the same thing, like using Tunnel-Password. And it's even a worse idea to put User-Password into Access-Reject. If anyone thinks it's necessary, then they're doing something wrong. They'd probably be better off using Access-Challenge. If they argue, tell them to email me privately, and I'll discuss it with them. Ignoring the RFC's can lead to serious security problems. Alan DeKok.