Only "string" can have "encrypt=2"
Alan DeKok
aland at deployingradius.com
Mon Nov 21 17:47:08 CET 2011
Bjørn Mork wrote:
> I just stumbled across this which made me worry a bit:
...
> The reason I'm worrying is dictionary.erx, where I know there are other
> types (integer, octets and ipaddress) with "encrypt=2" set.
Yes, but the commit has a typo.
> And the second issue that made me worry: Why didn't I (and everybody
> else) hit that by default in ictionary.erx? Well, it seems that
> FLAG_ENCRYPT_ASCEND_SECRET isn't really 2 as the above made me believe.
> It is 3. 2 is of course FLAG_ENCRYPT_TUNNEL_PASSWORD.
Yes.
> But if it's a typo, then why repeat it in the commit message as well?
> Was this an attempt to disable other encryption types that
> FLAG_ENCRYPT_TUNNEL_PASSWORD for other attribute types that strings? Or
> what exactly was the above trying to fix?
>
> Anyway: Please don't disable tunnel-password encryption of non-string
> attributes. It works, and it *is* in use.
It's a typo. The real message is about "encrypt=3"
Alan DeKok.
More information about the Freeradius-Users
mailing list