[Pkg-nagios-devel] Bug#482947: check_radius wrongly hardcodes the NAS-IP-Address attribute in its requests

Josip Rodin joy at debbugs.entuzijast.net
Mon May 26 00:30:50 UTC 2008


Package: nagios-plugins-standard
Version: 1.4.5-1etch1

Hi,

check_radius doesn't seem to provide any way to modify the NAS-IP-Address
attribute that it uses in the packets it sends, but it does so for
NAS-Identifier.

Instead, it hardcodes the IP address that it gets from the
rc_own_ipaddress() library call, and that in turn translates into calling
gethostbyname() on the result of uname(). This call can easily fail, and its
result can easily be unsuitable - for example when the Nagios instance uses
its own virtual host, and you don't want the original system hostname leaked
to the RADIUS servers you monitor with this.

Furthermore, this behaviour is inconsistent with RFC 2865, which defines the
two attributes as analogous and never suggests hardcoding the value of
either of them in client software.

A new option should be added so that the user can provide the NAS-IP-Address
attribute contents, just like they can for the other attribute.

Please fix this. TIA.

-- 
     2. That which causes joy or happiness.





More information about the Pkg-nagios-devel mailing list