This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Radius password length

Radius password length

Francois_BORLET
New Contributor

‎05-29-2016 09:27 PM

The Extreme XOS is not fully compliant with the RADIUS RFC 2865.
https://tools.ietf.org/html/rfc2865

In the RFC, the length of user is recommended to support at least 64 chars, and for the password at least 128 chars.
But the XOS implementation limits all user and password to 32 chars.
With telnet the password is truncated to 32 chars, but with ssh, the switch block directly without sending to the AAA server.
I understand the internal limitation, but the XOS must be fully compliant with the radius protocol, and the XOS must not apply his internal limit for the external AAA server

For the authentication on external Freeradius with Yubico OTP who generate 44 chars One Time Password, we can't use with this XOS.
Yubico is one of the best opensource OTP solution used by many many company (Google, Facebook, Github), so it could be very nice that the radius implementation permit more than 32 chars (64 at least).

Thanks

0 Kudos
3 REPLIES 3

Chris_H
Extreme Employee

‎06-02-2016 06:10 AM

This should be the same implementation.

For a feature request i recommend getting in touch with the account/sales team, so they can initiate this for you.
0 Kudos

Francois_BORLET
New Contributor

‎06-02-2016 05:55 AM

The page is the 974 and 975 but it's mark to be Used by Network Login.
Il haven't found the same table for SessionManagment

The RFC2138 (1997) and the RFC2865 (2000) recommend both to support at least 64 chars for user, and for the password at least 128 chars in my reading.

I don't know how to opening up a feature request. If you have an URL ?

Thanks
0 Kudos

Chris_H
Extreme Employee

‎06-01-2016 10:30 AM

Hello,

In the EXOS 16.1 User Guide on page 948 it is stated that for the RADIUS User-Password attribute RFC 2138 is being used, not RFC 2865.

For a list of further RADIUS attributes and the corresponding RFC within the EXOS implementation please see the full table on pages 974/975.
The 16.1 User Guide can be found at the following location: http://documentation.extremenetworks.com/exos/16.1/EXOS_User_Guide_16_1.pdf

In case this is causing an issue, as in your case with the Yubico OTP solution, I recommend opening up a feature request to see if this can be implemented.
0 Kudos
GTM-P2G8KFN