EAP-MD5: Access-Accept packet in debug log messages
Alan DeKok
aland at deployingradius.com
Sun Aug 31 14:45:26 CEST 2014
Axel Luttgens wrote:
> While confronting my config attempts with various scenarios, I noticed that the Message-Authenticator seems to always be displayed as a sequence of null bytes:
Yes. It's printed out before it's calculated.
The exact value of Message-Authenticator doesn't matter. You don't
care what it is in the debug output. You have no way of verifying that
it's correct. So it might as well be all zeros.
> BTW, out of curiosity, attribute User-Name appears to be unconditionally added to the Acces-Accept packet; is this common practice?
Read RFC 3579.
Alan DeKok.
More information about the Freeradius-Users
mailing list