Re: BUG #16106: Patch - Radius secrets always gets lowercased
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: Marcos David <mdavid@palantir.com>,
"pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2019-11-12T18:07:14Z
Lists: pgsql-bugs
Magnus Hagander <magnus@hagander.net> writes: > On Tue, Nov 12, 2019 at 10:33 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: >> However, while you can defeat the downcasing that way, you can't >> bypass the truncation to NAMEDATALEN. So it's arguably broken > I believe the RADIUS standard doesn't actually specify the length of the > key, so different implementations have different limits. For example > freeradius has 48 characters, cisco has 63. I agree that it's somewhat unlikely that truncation at 63 bytes would matter in practical use-cases, for any of these four parameters. Still, it's not a good thing, and the fix is trivial given that we have a suitable function at hand already. I'll try to improve the docs while I'm at it. regards, tom lane
Commits
-
Avoid using SplitIdentifierString to parse ListenAddresses, too.
- 7bf40ea0d028 13.0 landed
-
Avoid downcasing/truncation of RADIUS authentication parameters.
- d9802590a1b3 12.2 landed
- d66e68207e99 11.7 landed
- 7618eaf5f315 13.0 landed
- 4be69e2ea14d 10.12 landed
-
Support multiple RADIUS servers
- 6b76f1bb58f5 10.0 cited