Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

Login anomaly or security issue? (fwd)

0 views

Skip to first unread message

MegaZone

unread,

Jul 25, 1997, 3:00:00 AM7/25/97

Once upon a time Jason Robbins shaped the electrons to say...
>username, a space and his lastname, 'joe last'. He authenticated
>just fine, and a show session listed him as 'joe last', as did the detail

This is a well known issue. Up to 2.0.1 RADIUS truncated on spaces -
so it actually validated 'joe'. But the PM holds only the entire field
in the show, and also sends that to accounting.

In 2.0.1 usernames with spaces are denied.

-MZ
--
Livingston Enterprises - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110 mega...@livingston.com
For support requests: sup...@livingston.com <http://www.livingston.com/>
Snail mail: 4464 Willow Road, Pleasanton, CA 94588

Steven P. Crain

unread,

Jul 25, 1997, 3:00:00 AM7/25/97

On Fri, 25 Jul 1997, MegaZone wrote:

> Once upon a time Jason Robbins shaped the electrons to say...
> >username, a space and his lastname, 'joe last'. He authenticated
> >just fine, and a show session listed him as 'joe last', as did the detail
>
> This is a well known issue. Up to 2.0.1 RADIUS truncated on spaces -
> so it actually validated 'joe'. But the PM holds only the entire field
> in the show, and also sends that to accounting.
>
> In 2.0.1 usernames with spaces are denied.

And, there is a compile time switch if you want the old behaviour
instead.

----------------------------------------------------------------------------
Steven P. Crain scr...@shore.net http://www.shore.net/~scrain
Shore.Net Unix Development and Administration
An ISP with Excellence in the Greater Boston Area.

0 new messages