Was reading my portmaster-users digests and see:
> On 12 May 1998, brently@vivid.net wrote:
> > Noticed in my /etc/raddb/logfile there are several instances of "userXX:
> > security breach". What does this mean?
>
> This isn't in ours that I can recall this message being in.. We also
> don't log to /etc/raddb/logfile normally. What RADIUS is this?
> - -jr
> - ----
> Josh Richards - <jrichard@livingston.com> - <josh@lucent.com>
I couldn't find those strings in radiusd 2.0.1, but ...
>From sources of Livingstion Radius version 1.16:
% grep -i 'security breach' *.c *.h
radiusd.c: sprintf(msg, "Authenticate: from %s - Security Breach: %s\n",
and 1.16 DOES log by default to /etc/raddb/logfile:
% grep logfile *.c *.h
radius.h:#define RADIUS_LOG "logfile"
and a snippet of the code from 1.16 radiusd.c
/* Verify the client and Calculate the MD5 Password Digest */
if(calc_digest(pw_digest, authreq) != 0) {
/* We dont respond when this fails */
sprintf(msg, "Authenticate: from %s - Security Breach: %s\n",
ip_hostname(authreq->ipaddr), namepair->strvalue);
it looks like the message is logged when the MD5 password Digest
calculation fails.
Later.
Derric
-- Derric Scott Scott Network Services, Inc. P. O. Box 361353 derric@scott.net (205)987-5889 Birmingham, AL 35236 - To unsubscribe, email 'majordomo@livingston.com' with 'unsubscribe portmaster-users' in the body of the message. Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>