[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: EAP-MD5: Access-Accept packet in debug log messages
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2014-08-31 12:45:26
Message-ID: 540318E6.4020702 () deployingradius ! com
[Download RAW message or body]

Axel Luttgens wrote:
> While confronting my config attempts with various scenarios, I noticed that the \
> Message-Authenticator seems to always be displayed as a sequence of null bytes:

  Yes.  It's printed out before it's calculated.

  The exact value of Message-Authenticator doesn't matter.  You don't
care what it is in the debug output.  You have no way of verifying that
it's correct.  So it might as well be all zeros.

> BTW, out of curiosity, attribute User-Name appears to be unconditionally added to \
> the Acces-Accept packet; is this common practice?

  Read RFC 3579.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]