Re: [Accel-ppp-users] [PATCH 0/2] auth: fix negociation of authentication when requested by peer
Status: Beta
Brought to you by:
xebd
Menu
▾
▴
Re: [Accel-ppp-users] [PATCH 0/2] auth: fix negociation of authentication when requested by peer
|
From: Dmitry K. <xe...@ma...> - 2018-11-27 06:59:04
|
>We have no way to authenticate ourself, we only know how to >authenticate the peer. Therefore we should reject any request made by >the peer to authenticate ourself. Failure to do so results in stalls >during the PPP authentication phase because accel-ppp never sends the >credentials the peer asked for. > >Patch 1 rejects the Authentication-Protocol option sent by the peer and >expands on the reasons to do so. > >Patch 2 removes a callback function that patch 1 made unused. > >I must say that I can't really follow the logic of the original >auth_recv_conf_req() function. So it's always possible that I've missed >something. However, the principle of this series is that we really have >no way to authenticate ourself to the peer, so we should always reject >such attempts. This behaviour looks sane. We've run with a similar >patch for a few years and it helped us maximise compatibility with >broken clients. > >Guillaume Nault (2): > lcp: reject Authentication-Protocol option in Configure-Request > packets > auth: remove .recv_conf_req from struct ppp_auth_handler_t Applied, thanks -- Dmitry Kozlov |