Radius password length
‎05-29-2016 09:27 PM
The Extreme XOS is not fully compliant with the RADIUS RFC 2865.
https://tools.ietf.org/html/rfc2865
In the RFC, it is recommended to support a user length of at least 64 chars, and a password length of at least 128 chars.
But the XOS implementation limits all users and passwords to 32 chars.
With telnet the password is truncated to 32 chars, but with SSH the switch blocks directly without sending to the AAA server.
I understand the internal limitation, but XOS must be fully compliant with the RADIUS protocol, and XOS must not apply its internal limit to the external AAA server.
For authentication on an external FreeRADIUS with Yubico OTP, which generates 44-char one-time passwords, we can't use this XOS.
Yubico is one of the best open-source OTP solutions, used by many companies (Google, Facebook, GitHub), so it would be very nice if the RADIUS implementation permitted more than 32 chars (64 at least).
Thanks
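An added example, not part of the original post and not Extreme's code: the User-Password attribute encoding from RFC 2865 section 5.2 (pad to a multiple of 16 octets, at most 128, chained MD5 XOR), applied to a 44-character OTP sent whole and sent truncated to 32 characters as described for telnet. The shared secret and the OTP string are constructed placeholders.

```python
import hashlib
import os

MAX_PASSWORD = 128  # upper bound on the password in RFC 2865 section 5.2, in octets


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build the User-Password attribute (type 2)."""
    if not 1 <= len(password) <= MAX_PASSWORD:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # c(i) = p(i) XOR MD5(secret + c(i-1)); c(0) is the Request Authenticator
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return bytes([2, len(out) + 2]) + out


def decode_user_password(attr: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password the NAS actually sent."""
    if len(attr) < 18 or attr[0] != 2 or attr[1] != len(attr) or (len(attr) - 2) % 16:
        raise ValueError("malformed User-Password attribute")
    body, plain, prev = attr[2:], b"", authenticator
    for i in range(0, len(body), 16):
        block = body[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")  # drop the null padding


def demo() -> dict:
    """Compare a full 44-char OTP with one cut to 32 chars before encoding."""
    secret = b"constructed-shared-secret"       # constructed sample value
    authenticator = os.urandom(16)               # Request Authenticator
    otp = b"c" * 12 + b"b" * 32                  # constructed 44-char placeholder OTP
    full = encode_user_password(otp, secret, authenticator)
    cut = encode_user_password(otp[:32], secret, authenticator)
    return {
        "full_attr_len": len(full),              # 48 padded octets + 2 header octets
        "full_roundtrip": decode_user_password(full, secret, authenticator) == otp,
        "cut_attr_len": len(cut),
        "cut_matches_otp": decode_user_password(cut, secret, authenticator) == otp,
    }
```

The 44-character value fits in a 50-octet attribute and survives the round trip, while the truncated one decodes to a different string, so the OTP validator behind the RADIUS server can only reject it.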
3 REPLIES
‎06-02-2016 06:10 AM
This should be the same implementation.
For a feature request I recommend getting in touch with the account/sales team, so they can initiate this for you.
‎06-02-2016 05:55 AM
The pages are 974 and 975, but it's marked as used by Network Login.
I haven't found the same table for Session Management.
RFC 2138 (1997) and RFC 2865 (2000) both recommend supporting at least 64 chars for the user, and at least 128 chars for the password, in my reading.
I don't know how to open a feature request. Do you have a URL?
Thanks
‎06-01-2016 10:30 AM
Hello,
In the EXOS 16.1 User Guide on page 948 it is stated that for the RADIUS User-Password attribute RFC 2138 is being used, not RFC 2865.
For a list of further RADIUS attributes and the corresponding RFC within the EXOS implementation please see the full table on pages 974/975.
The 16.1 User Guide can be found at the following location: http://documentation.extremenetworks.com/exos/16.1/EXOS_User_Guide_16_1.pdf
In case this is causing an issue, as in your case with the Yubico OTP solution, I recommend opening up a feature request to see if this can be implemented.
