Attribute and Message Editing
Tahseen Hussain
stud3080 at itu.dk
Thu Jun 30 23:35:44 CEST 2005
Hi Everybody,
Is it possilbe to avoid attribute editing and message editing by using
EAP-TTLS or EAP-PEAP in a proxy environment?
As far as I understton, In EAP-TTLS a tunnel is formed between a user and
the TTLS server, now this TTLS server will forward the request to the
proxy and proxy to the home radius server. So the threat here is from
proxy, which can falsely edit attribute and messages.
For example if home radius sever sends Accept-accept packet , it is
possible that a proxy can change the same packet to Access-Reject
(wantedly), so that the user will not be able to access visited network.
Thanks in advance,
Tahseen
More information about the Freeradius-Users
mailing list