Hi,
> We found out today that when we use the attr_filter module in FreeRADIUS,
> the GSS-Acceptor-* attributes are stripped from the request, which then
> stops the channel bindings from working.
well, unless they are listed in the allowed whitelist :-)
> Adam says that even with attribute filters, this work ok on Debian, so I'm
> not sure why CentOS would be any different. :-/
it doesnt. there'll be a difference in config. if you call the filter and
dont have the attribute listed it will be gone (unless theres a confusion here
about presence of an attribute in inner or outer tunnel - though once again,
filter the packet in the right place and it will get adjusted)
alan
|