Radius authentication passphrase length

billm

@buraglio:

It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors.  I assume that is a cosmetic fix and not critical.  I can work on getting a radius box up probably tomorrow if that'd be helpful.

So it now authenticates accounts with > 16 char passwords?  And authenticates accounts with < 16 char passwords?  Only a PHP error to cleanup?  Good news.  Maybe the PHP error is coming from the $debug define.

–Bill

buraglio

@billm:

@buraglio:

It authenticates with the new code with a RADIUS box with >=16 passwords but the redirection after fails with some php errors.  I assume that is a cosmetic fix and not critical.  I can work on getting a radius box up probably tomorrow if that'd be helpful.

So it now authenticates accounts with > 16 char passwords?  And authenticates accounts with < 16 char passwords?  Only a PHP error to cleanup?  Good news.  Maybe the PHP error is coming from the $debug define.

–Bill

Actually it only authenticates 16 char or below passwords.  I mistyped.  Sorry.

buraglio

Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

sullrich

@buraglio:

Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

Yes, please do.  Bill does not have access to a tesitng environment for this.

billm

@buraglio:

Has anyone else noticed this behavior?  Would it be beneficial for me to set up a RADIUS box and give you access to test against?

If you can provide me a radius target I can test this myself.

–Bill

buraglio

I'll work on this this afternoon and post when it's done.

buraglio

@buraglio:

I'll work on this this afternoon and post when it's done.

I have this up, I'm still verifying correct functionality.  How would you like to go about testing?

buraglio

ok, I have this working whenever you'd like to start working on it.

billm

@buraglio:

ok, I have this working whenever you'd like to start working on it.

Can you PM me an IP to test against along with two usernames, one with a 15 char password, one with a 20 char password.  I can provide a static IP if needed that I'll be testing from.

–Bill

buraglio

Sent.

billm

OK, fixed.  Thanks!

Grab http://www.pfsense.org/~billm/radius_authentication.inc.txt until this is commited.

–Bill

billm

@billm:

OK, fixed.  Thanks!

Grab http://www.pfsense.org/~billm/radius_authentication.inc.txt until this is commited.

–Bill

I also verified that the code in HEAD works, it's only RELENG_1 that's affected by this.

–Bill

buraglio

This works like a dream now, even in my wacky kerberos backended setup. 
Thanks for all the hard work, it is appreciated.

nb

sullrich

So what exactly should I MFC?

billm

@sullrich:

So what exactly should I MFC?

This:
http://www.pfsense.org/~billm/radius_authentication.inc.diff.txt

–Bill

sullrich

Commited!

hoba

Send it over to the m0ther too  ;D