Date:      Fri, 20 Jan 2006 11:07:46 GMT
From:      Riccardo Torrini <riccardo@torrini.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/92050: Please update net/openradius to 0.9.11a
Message-ID:  <200601201107.k0KB7kKD066617@www.freebsd.org>
Resent-Message-ID: <200601201110.k0KBA5E7098017@freefall.freebsd.org>


>Number:         92050
>Category:       ports
>Synopsis:       Please update net/openradius to 0.9.11a
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 20 11:10:04 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Riccardo Torrini
>Release:        FreeBSD 5.4-STABLE
>Organization:
>Environment:
FreeBSD 5.4-STABLE #15: Tue Jan  3 19:20:33 CET 2006 ...  
>Description:
As Emile van Bergen replied to my question about random garbage at the end of the password, version 0.9.10 fails with passwords that are a multiple of 16 chars, so we really need to update our port (I relay RADIUS auth to win AD and our users have very long passwords).


-----8<-----
> - using same user/pass as win logon and having some really long  
>   password I noticed that password exactly 16 chars long fail
>   auth and log with random garbage at the end.  Is OR imposing
>   this limit or can I change it (and if yes, where?)
> [...]
> radldap: Binding on 'cn={xxx},cn=Users,dc=it,dc={xxx},dc=priv'
>      using password '1234567890123456ª#âÛ²z<ÍCpá'

This is a bug that's present in a few experimental behaviour files that
claimed to overcome the 16 character password length limitation without
using the 'papdecrypt' operator that was added in 0.9.11.

The hack used there failed with passwords that are a multiple of 16
long, and it was a hack anyway, hence the new operator.

Older behaviour files work, and upgrading to 0.9.11b will work too, with
the added benefit of supporting any password length up to 128, as
allowed by the specification.
-----8<-----


I tried it myself and noticed that Emile included the previous (0.9.10) patch for FreeBSD made by the port maintainer (jettea46@yahoo.com), so it should be fast and simple  :-)

-----8<-----
http://www.xs4all.nl/~evbergen/openradius/download/openradius-0.9.11a/CHANGELOG
[...]
Renamed ARCH variable in build system to ARCHIVE, so that ARCH can hold an architecture name, as is the case on eg. FreeBSD, suggested by Adam Jette <jettea46@yahoo.com>
-----8<-----
>How-To-Repeat:
Install OR 0.9.10 and try to authenticate a user with a 16-char-long password.
>Fix:
Update to 0.9.11a
>Release-Note:
>Audit-Trail:
>Unformatted:
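
Added example, not part of the original report and not OpenRADIUS code: the User-Password hiding scheme from RFC 2865 section 5.2 in Python, showing why a server has to bound the decoded password by the attribute length (a 16, 32, ... 128 character password carries no NUL padding to stop on). The function names, shared secret and authenticator are constructed for illustration; this does not reproduce the behaviour-file hack or the 'papdecrypt' operator mentioned above.

```python
import hashlib

BLOCK = 16      # MD5 digest size; the password is hidden in 16-octet blocks
MAX_LEN = 128   # upper bound for User-Password in RFC 2865 section 5.2


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: pad with NULs to a multiple of 16, then chain MD5 blocks."""
    if not 1 <= len(password) <= MAX_LEN:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        prev = xor_bytes(padded[i:i + BLOCK], hashlib.md5(secret + prev).digest())
        out += prev          # the next block is keyed on this ciphertext block
    return out


def pap_reveal(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: reverse the chain over exactly len(hidden) octets."""
    if not hidden or len(hidden) % BLOCK or len(hidden) > MAX_LEN:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        out += xor_bytes(block, hashlib.md5(secret + prev).digest())
        prev = block
    # A password that fills its last block has no NUL padding at all, so the
    # attribute length, not a terminator, is what bounds the result.
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    ra = bytes(range(16))                   # constructed Request Authenticator
    for pw in (b"short", b"1234567890123456", b"x" * 32, b"y" * 128):
        assert pap_reveal(pap_hide(pw, secret, ra), secret, ra) == pw
        print(len(pw), "octets: round trip ok")
```

Code that copies the decoded bytes into a C string must reserve room for and write its own terminator after the last block; the decoded data supplies none when the password length is a multiple of 16.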


