On Wed, Aug 7, 2024 at 5:55 AM Heikki Linnakangas wrote:
> On 06/08/2024 03:58, Thomas Munro wrote:
> > On Tue, Aug 6, 2024 at 2:41 AM Heikki Linnakangas wrote:
> >> What if the message contains multiple attribute of the same type? If
> >> there's a duplicate Message-Authenticator, we should sure
On 06/08/2024 03:58, Thomas Munro wrote:
On Tue, Aug 6, 2024 at 2:41 AM Heikki Linnakangas wrote:
What if the message contains multiple attribute of the same type? If
there's a duplicate Message-Authenticator, we should surely reject the
packet. I don't know if duplicate attributes are legal in
On Mon, Aug 05, 2024 at 05:41:21PM +0300, Heikki Linnakangas wrote:
> On 05/08/2024 15:43, Thomas Munro wrote:
>> Since PostgreSQL v12 and v13 don't have the modern "common/hmac.h"
>> API, I came up with a cheap kludge: locally #define those interfaces
>> to point directly to the OpenSSL HMAC API,
ecurity {
+ require_message_authenticator = "yes"
+}
+
pidfile = "$radiusd_dir/radiusd.pid"
};
--
2.46.0
From 9dd68610b8931ebd6d0969040daeb58d85edb7be Mon Sep 17 00:00:00 2001
From: Thomas Munro
Date: Mon, 5 Aug 2024 17:09:57 +1200
Subject: [PATCH v2 4/4] XX
uation when we ship this fix, possibly as much as
three months from now. (There was some mention in the security-list
discussion of maybe making an off-cycle release to get this out
sooner; but nothing was decided, and I doubt we'll do that unless
we start getting user complaints.) It se
On 05/08/2024 15:43, Thomas Munro wrote:
The response requirement can be enabled by radiusrequirema=1 in
pg_hba.conf. For example, Debian stable is currently shipping
FreeRADIUS 3.2.1 which doesn't yet send the MA in its responses, but
FreeBSD and Debian "testing" have started shipping FreeRADIU
isted as a
reviewer already, and this version incorporates some new improvements
he recommended (thanks!). I've created this new thread and new
minimal test just to deal with the BlastRADIUS mitigation topic.
We might also consider just dropping RADIUS support in 18, if we don'
