Name
Tunnel-Password
Synopsis
|
Attribute Number |
69 |
|
Length |
5 or more octets |
|
Value |
STRING |
|
Allowed in |
Access-Accept |
|
Prohibited in |
Access-Request, Access-Reject, Access-Challenge, Accounting-Response, Accounting-Request |
|
Presence in Packet |
Not required |
|
Maximum Iterations |
1 |
This attribute contains the password for authenticating to a remote server and includes a “salt” field that is used to verify the uniqueness of the key used to encrypt the tunnel password.You can find more information at the RFC 2868, but no sense sending you off on a chase. Here’s the relevant part:
The plaintext String field consists of three logical sub-fields: the Data-Length and Password sub-fields (both of which are required), and the optional Padding sub-field. The Data-Length sub-field is one octet in length and contains the length of the unencrypted Password sub-field. The Password sub-field contains the actual tunnel password. If the combined length (in octets) of the unencrypted Data-Length and Password sub-fields is not an even multiple of 16, then the Padding sub-field MUST be present. If it is present, the length of the Padding sub-field is variable, between 1 and 15 octets. The String field MUST be encrypted as follows, prior to transmission:
Construct a plaintext version of the String field by concatenating the Data-Length and Password sub-fields. If necessary, pad the resulting string until its length (in octets) is an even multiple of 16. It is recommended that zero octets ...
Get RADIUS now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
