attribute value length limit

Alan DeKok aland at deployingradius.com
Fri Sep 28 13:36:31 CEST 2007


Fco. Javier Melero wrote:
> I've got an LDAP attribute mapped into the user-password RADIUS attribute.
> This attribute is RSA-ciphered

  And why would you do that?  It's completely useless.

> so RADIUS has to decipher it when it
> arrives in order to use it for authentication. The problem arises when I
> try to use an RSA key pretty much longer than 1400 bytes, because the
> resulting value exceeds the 253 bytes RADIUS specification length limit.
> My questions are:
> 
> Is this size limit mandatory even when this RADIUS attribute is never
> put on the wire?

  In the current implementation of the server, yes.

> If so, could anybody point to a way which allows me to use longer RSA keys?

  Run a separate program to connect to LDAP, obtain the password, and
decrypt it.

  Alan DeKok.
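
An added example, not part of the original thread and not FreeRADIUS code: it shows where the 253-octet value limit discussed above comes from (the one-octet Length field of an RFC 2865 attribute) and which RSA ciphertext sizes fit under it. The attribute type 18 used for the dummy value and the raw/base64/hex storage encodings are assumptions made for illustration.

```python
import math

MAX_ATTR_LEN = 255                  # Length is one octet and counts Type + Length + Value
MAX_VALUE_LEN = MAX_ATTR_LEN - 2    # which leaves 253 octets for the value


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865 layout)."""
    if not 1 <= attr_type <= 255:
        raise ValueError("attribute type must fit in one octet")
    if len(value) > MAX_VALUE_LEN:
        raise ValueError(f"value is {len(value)} octets, limit is {MAX_VALUE_LEN}")
    return bytes([attr_type, len(value) + 2]) + value


def stored_len(modulus_bits: int, encoding: str) -> int:
    """Size of an RSA ciphertext under a storage encoding (encodings are assumed).

    With standard padding the ciphertext is as long as the modulus,
    no matter how short the encrypted password is.
    """
    raw = math.ceil(modulus_bits / 8)
    if encoding == "raw":
        return raw
    if encoding == "base64":
        return 4 * math.ceil(raw / 3)
    if encoding == "hex":
        return 2 * raw
    raise ValueError(f"unknown encoding: {encoding}")


def fits(modulus_bits: int, encoding: str, attr_type: int = 18) -> bool:
    """True if a ciphertext of that size can be carried in a single attribute."""
    dummy = b"\x00" * stored_len(modulus_bits, encoding)   # constructed placeholder value
    try:
        encode_attribute(attr_type, dummy)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for bits in (1024, 1536, 2048, 4096):
        for enc in ("raw", "base64", "hex"):
            verdict = "fits" if fits(bits, enc) else "too long"
            print(f"RSA-{bits:<5} {enc:<7} {stored_len(bits, enc):>4} octets  {verdict}")
```
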


