Authentication Failure and User Attributes
Bjørn Mork
bjorn at mork.no
Fri Nov 6 11:03:35 CET 2009
Bob Brandt <bob at brandt.ie> writes:
> I have a little problem that I would like to fix:
>
> My setup right now works great, however there is only little problem, even
> if the user is rejected (i.e. incorrect password) all the user attributes
> are still returned. I think this is a slight security risk, since all you
> need to know is the username to retrieve information about the network...
>
> I am trying to stop this but placing an entry at the top of the users file,
> but I can not figure out what variable to test for?
>
> Any ideas? Where would I look?
raddb/attrs.access_reject
Bjørn
More information about the Freeradius-Users
mailing list