On Wed, 2007-07-25 at 13:31 -0400, Michael W. Lucas wrote:
> If a user logs in from too many machines, or if he enters a wrong
> password, he gets the error message in ERR_NO_SHARING. I would expect
> a user who signs on too often to get ERR_NO_SHARING and a user who
> fails to authenticate to get the default ERR_CACHE_ACCESS_DENIED.
>
> Instead, all users get ERR_NO_SHARING. I would like to give the users
> a useful error message, but obviously I am missing something.
>
> #clients may only log in from one IP at a time.
> http_access deny noPwSharing

Change the above to

    http_access deny our_networks radius_auth noPwSharing

and the results will be what you expect, making unauthenticated users be
denied by the radius_auth acl, and authenticated users using too many IP
addresses denied by the noPwSharing ACL.

I also added the our_networks acl to deny probing of the user
passwords. You probably want to do this on the no_auth_... lines as
well.

Regards
Henrik
Received on Sun Jul 29 2007 - 19:48:01 MDT
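
The rule ordering discussed in this thread, laid out as a squid.conf fragment. This is an added example, not part of the original messages: only the ACL names, the ERR_NO_SHARING page name and the two `http_access deny` lines come from the thread. The ACL definitions, the sample network range and the trailing allow/deny rules are assumptions.

```conf
# Assumption: an authentication scheme (auth_param ...) is already
# configured elsewhere in squid.conf.

# Constructed sample range standing in for the site's client networks.
acl our_networks src 192.0.2.0/24

# Assumed definition: matches any user who authenticated successfully.
acl radius_auth proxy_auth REQUIRED

# Assumed definition: matches when one user name is seen from more
# than one client IP address (-s selects strict enforcement).
acl noPwSharing max_user_ip -s 1

# deny_info selects the error page by the LAST acl on the
# http_access deny line that caused the denial.
deny_info ERR_NO_SHARING noPwSharing

# Before (from the original post): noPwSharing stands alone, so every
# denial raised on this line is reported with ERR_NO_SHARING, as the
# original poster observed for failed logins too.
#http_access deny noPwSharing

# After (the suggested change): the source network and authentication
# are tested first, and noPwSharing is reached only for users who are
# inside our_networks and already authenticated.
http_access deny our_networks radius_auth noPwSharing

# Assumed remainder of the policy.
http_access allow our_networks radius_auth
http_access deny all
```

Running `squid -k parse` after the change checks the file for syntax errors before the proxy is reconfigured.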