Only "string" can have "encrypt=2"

Alan DeKok aland at
Mon Nov 21 17:47:08 CET 2011

Bjørn Mork wrote:
> I just stumbled across this which made me worry a bit:
> The reason I'm worrying is dictionary.erx, where I know there are other
> types (integer, octets and ipaddress) with "encrypt=2" set.

  Yes, but the commit has a typo.

> And the second issue that made me worry: Why didn't I (and everybody
> else) hit that by default in ictionary.erx?  Well, it seems that
> FLAG_ENCRYPT_ASCEND_SECRET isn't really 2 as the above made me believe.
> It is 3.   2 is of course FLAG_ENCRYPT_TUNNEL_PASSWORD.


> But if it's a typo, then why repeat it in the commit message as well?
> Was this an attempt to disable other encryption types that
> FLAG_ENCRYPT_TUNNEL_PASSWORD for other attribute types that strings? Or
> what exactly was the above trying to fix?
> Anyway: Please don't disable tunnel-password encryption of non-string
> attributes.  It works, and it *is* in use.

  It's a typo.  The real message is about "encrypt=3"

  Alan DeKok.

More information about the Freeradius-Users mailing list