attribute Password in an Access-Reject packet

Alan DeKok aland at
Tue Feb 14 17:02:55 CET 2006

Susana Macias <susana_macias12 at> wrote:
> I would like to know too, Alan
> I am only a developer... . And here anyone explains me
> anything :-(.

  Then tell them I said it's a bad idea to put User-Password into
Access-Accept.  There are probably better ways of doing the same
thing, like using Tunnel-Password.

  And it's even a worse idea to put User-Password into Access-Reject.
If anyone thinks it's necessary, then they're doing something wrong.
They'd probably be better off using Access-Challenge.

  If they argue, tell them to email me privately, and I'll discuss it
with them.  Ignoring the RFC's can lead to serious security problems.

  Alan DeKok.

More information about the Freeradius-Users mailing list