about "freeradius accepts anybody"

Sergio Yébenes Moreno sergioyebenes at alumnos.upm.es
Fri Jul 11 16:01:13 CEST 2008


Ivan Kalik escribió:
>> first, freeradius looks in users file, and only if client is authorized, 
>> checks DNIe. There aren't any problem, only want to show, maybe help 
>> somebody, and to show Ivan Kalik how clients and servers can trust in 
>> different ca's. 
>>     
>
> Oh, but I know exactly what you have done. You have created a list of
> nonsense user entries in users file and forced Auth-Type Reject on all
> the rest. And that has nothing to do with server and client certificates
> being issued bu different CA's.
>
> This will work as well:
>
> user1
>             Fall-Through = No
>
> user2
>             Fall-Through = No
>
> ..
>
> DEFAULT   Auth-Type := Reject
>
> What I don't understand is why? If you do trust issuer of those
> certificates why are you "filtering"? And if you don't trust the
> issuer - why are you using client certificates?
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> __________ Información de NOD32, revisión 3257 (20080710) __________
>
> Este mensaje ha sido analizado con NOD32 antivirus system
> http://www.nod32.com
>
>
>
>   
Oh, I'll try this. Really empty password is shit. Thanks



More information about the Freeradius-Users mailing list