require_message_authenticator when sending

Stefan Winter stefan.winter at
Tue Mar 19 11:18:20 CET 2013


I just noticed something unintuitive when trying to enforce the presence of
Message-Authenticator on a server which has FreeRADIUS 2.2.0 as a proxying

In proxy.conf, home_server section, there is very strong wording that
require_message_authenticator is good; and the default as spelt out in the
config file is =yes.

My config simply omits the keyword entirely. With all those nice words about
how good it is I was somewhat expecting it to default to yes in the code as
well and set require = yes on the clients.conf on the receiving end.

If omitted, the code sets it to NULL though, which seems to be a "no".

Of course I'm fixing my config by making the yes explicit - but maybe adapting
the defaults in realms.c might be a little more consistent behaviour.


Stefan Winter

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Freeradius-Users mailing list