Authentication Failure and User Attributes
Alan DeKok
aland at deployingradius.com
Thu Nov 5 18:46:22 CET 2009
Bob Brandt wrote:
> My setup right now works great, however there is only little problem,
> even if the user is rejected (i.e. incorrect password) all the user
> attributes are still returned. I think this is a slight security risk,
> since all you need to know is the username to retrieve information about
> the network...
That information goes to the NAS. It doesn't go to the end user.
There is no security issue.
Alan DeKok.
More information about the Freeradius-Users
mailing list