Modifying EAP Messages
Arran Cudbard-Bell
a.cudbard-bell at sussex.ac.uk
Mon Mar 16 22:56:19 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> Doesn't PEAPv0 allow you to insert arbitrary TLVs into the inner
>> tunnel ? Isn't that how Microsoft do their NAC stuff ?
>
> Sort of.
>
A magical check box appeared in the XP SP3 and Vista supplicant
'Enable Quarantine Checks'. It'd be a huge win if FR could expose
these values so that they were usable for policy decisions.
I know it's all icky icky Microsoft, but until a giant Apple appears
over Redmond...
>> I was pondering over this the other day, thinking how hard it
>> would be to decode the TLVs included by the windows default
>> supplicant, and expose them as standard attributes...
>
> I have code somewhere from someone claiming to do this. It's for a
> *very* old version of the server, and it's not that good code.
>
> We'll see how it goes.
Hmm, could you sling it over my way as well. I'm interested to see
what constitutes bad code in C.
Thanks,
Arran
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkm+ywIACgkQcaklux5oVKIflQCcC+VH2W2T9iCp7PHcV7bQOz1b
MEcAn10mk/7cGyVvVztsJHBJoue5TeQd
=Aelt
-----END PGP SIGNATURE-----
More information about the Freeradius-Users
mailing list