freeradius and ADSL-Agent-Circuit-Id
Tim Sylvester
tim.sylvester at networkradius.com
Tue Jul 20 23:03:14 CEST 2010
> This opens up a security hole I wish to avoid - if someone knows what
> my
> circuit Id's look like, and that database is used in any context where
> a
> user can send an id/password to authenticate that does NOT have
> ADSL-Agent-Cirtcuit-Id in it, then I've created a bunch of known user
> id's for the bad guys to use. I am happy having a non-default sql
> database schema but I think I really need the sql lookup to be being
> based on ADSL-Agent-Circuit-Id and not User-Name.
OK. You could try a few other things:
Change the radcheck entry to:
> > +--------+-----------+-----------------------+----+-----------+
> > | id | username | attribute | op | value |
> > +--------+-----------+-----------------------+----+-----------+
> > | 226529 | adslagent | ADSL-Agent-Circuit-Id | := | adslagent |
> > +--------+-----------+-----------------------+----+-----------+
More information about the Freeradius-Users
mailing list