change radius authentication default #112

vtarnavsky · 2024-04-08T12:36:43Z

What I did

Due to a potential security vulnerability in the Radius ciphers, we have moved to mschapv2 as it is the least vulnerable one out of the available ciphers in Radius.

How I did

changed the RADIUS_SERVER_AUTH_TYPE_DEFAULT in hostcfgd

linux-foundation-easycla · 2024-04-08T12:36:47Z

✅login: vtarnavsky / (6b61866)

The committers listed above are authorized under a signed CLA.

vtarnavsky · 2024-04-08T13:58:25Z

@qiluo-msft could you please review?

dprital · 2024-05-06T16:48:25Z

@qiluo-msft , Can you please review ?

qiluo-msft · 2024-05-13T07:02:55Z

scripts/hostcfgd

@@ -63,7 +63,7 @@ RADIUS_SERVER_AUTH_PORT_DEFAULT = "1812"
 RADIUS_SERVER_PASSKEY_DEFAULT = ""
 RADIUS_SERVER_RETRANSMIT_DEFAULT = "3"
 RADIUS_SERVER_TIMEOUT_DEFAULT = "5"
-RADIUS_SERVER_AUTH_TYPE_DEFAULT = "pap"


pap

Do you have another PR to change yang model? https://github.com/sonic-net/sonic-buildimage/blob/d9e62560fdd0b67ebab99e54a0949e4684a6ee50/src/sonic-yang-models/yang-models/sonic-system-radius.yang#L70

change radius authentication default

6b61866

qiluo-msft reviewed May 13, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

change radius authentication default #112

change radius authentication default #112

vtarnavsky commented Apr 8, 2024

linux-foundation-easycla bot commented Apr 8, 2024 •

edited

Loading

vtarnavsky commented Apr 8, 2024

dprital commented May 6, 2024

qiluo-msft May 13, 2024

change radius authentication default #112

Are you sure you want to change the base?

change radius authentication default #112

Conversation

vtarnavsky commented Apr 8, 2024

linux-foundation-easycla bot commented Apr 8, 2024 • edited Loading

vtarnavsky commented Apr 8, 2024

dprital commented May 6, 2024

qiluo-msft May 13, 2024

Choose a reason for hiding this comment

linux-foundation-easycla bot commented Apr 8, 2024 •

edited

Loading