attribute value length limit
Alan DeKok
aland at deployingradius.com
Fri Sep 28 13:36:31 CEST 2007
Fco. Javier Melero wrote:
> I've got an LDAP attribute mapped into the user-password RADIUS attribute.
> This attribute is RSA-ciphered
And why would you do that? It's completely useless.
> so RADIUS has to decipher it when it
> arrives in order to use it for authentication. The problem arises when I
> try to use an RSA key pretty much longer than 1400 bytes, because the
> resulting value exceeds the 253-byte RADIUS specification length limit.
> My questions are:
>
> Is this size limit mandatory even when this RADIUS attribute is never
> put on the wire?
In the current implementation of the server, yes.
> If so, could anybody point to a way which allows me to use longer RSA keys?
Run a separate program to connect to LDAP, obtain the password, and
decrypt it.
Alan DeKok.