 |
 |
> I attached the logfile... The last line would repeat forever unless I > ctrl-c it. Ok, I'll run that by the FreeRADIUS folks, because technically I'd expect it to bomb out once, not loop on forever. > it works, I can now send the certificate and the key, but...If the cert > or key is longer, I am still in trouble. Yes, that's the problem... > Is there a way how to send longer certs and keys, or more attributes > after user is authenticated? Ideally set inside of the script. (I > originally used my instance of the exec module to run script in which I > set SAML-AAA-Assertion and then call the module inside post-auth section > on freeradius - need to read different certs and keys). Not off-hand, but if you are talking to a SAML authority, you might be able to get those certificates along a different channel. But, I believe University of Murcia has proposed RADIUS packet fragmentation, which might resolve this. How far along they are with this, I don't know. Stefan -- This e-mail and any attachments may contain confidential, copyright and or privileged material, and are for the use of the intended addressee only. If you are not the intended addressee or an authorised recipient of the addressee please notify us of receipt by returning the e-mail and do not use, copy, retain, distribute or disclose the information in or attached to the e-mail. Any opinions expressed within this e-mail are those of the individual and not necessarily of Diamond Light Source Ltd. Diamond Light Source Ltd. cannot guarantee that this e-mail or any attachments are free from viruses and we cannot accept liability for any damage which you may sustain as a result of software viruses which may be transmitted in or with the message. Diamond Light Source Limited (company no. 4375679). Registered in England and Wales with its registered office at Diamond House, Harwell Science and Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom