inner/outer authentication problem in 2.0.2
Alan DeKok
aland at deployingradius.com
Thu Jun 12 07:32:34 CEST 2008
Gopinath Reddy N wrote:
> But by way of hack if user knows some other valid user name in the
> system he can use that as outer identity and get the policy setting of
> that user. So to avoid that Iam just thinking is there a way I can come
> out of this situation in freeradius
Yes. That's why the inner and outer sessions are in different virtual
servers. Put the policy into the virtual server for the inner tunnel,
and not for the outer session.
Alan DeKok.
More information about the Freeradius-Users
mailing list