[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User Identity issues

To: radiusext@ops.ietf.org
Subject: Re: User Identity issues
From: "Alan DeKok" <aland@ox.org>
Date: Wed, 16 Jun 2004 11:06:34 -0400
In-reply-to: Your message of "Tue, 15 Jun 2004 23:40:50 PDT." <Pine.LNX.4.56.0406152336310.4514@internaut.com>

Bernard Aboba <aboba@internaut.com> wrote:
> Anyone care to write up a discussion of the interoperability issues and an
> examination of the alternative approaches?

  I'd love to, but I'm not sure I have the time.

> Also, I'd like to collect a list of other similar topic areas, so that we
> can make an outline for the document.

e) requiring attributes to be in a certain order

  There's at least one RADIUS client which will bounce packets
verbatim back to the server if it sees attributes in a certain order.

  e.g. a packet containing Attribute-Foo = 1, Attribute-Bar = 2 in
that order is OK, but if the attribute ordering is swapped (even with
other intermediate attributes), the packet is not ignored... but is
"reflected" back to the server.

  The vendor has been notified, and (so far) has refused to correct
the behavior.

f) Mangling Proxy-State

  e.g. parsing the contents of Proxy-State into a local *typed*
variable, and then printing that variable back to a string, before
returning it in a reply packet.

  I believe the vendor has fixed their implementation, but there are
many older versions of the software still in use, which haven't been
upgraded.

  There may be more, but that's what I recall right now.

  Alan DeKok.

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- User Identity issues
  - From: Bernard Aboba <aboba@internaut.com>

Prev by Date: RE: User Identity issues
Next by Date: RE: User Identity issues
Previous by thread: User Identity issues
Next by thread: RE: User Identity issues
Index(es):
- Date
- Thread