From owner-cvs-all Wed Jun 30 16:28:59 1999
Delivered-To: cvs-all@freebsd.org
Received: from gndrsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.4])
	by hub.freebsd.org (Postfix) with ESMTP id 5C1B51542D;
	Wed, 30 Jun 1999 16:28:36 -0700 (PDT)
	(envelope-from rgrimes@gndrsh.aac.dev.com)
Received: (from rgrimes@localhost)
	by gndrsh.aac.dev.com (8.9.3/8.9.3) id QAA12865;
	Wed, 30 Jun 1999 16:27:59 -0700 (PDT)
	(envelope-from rgrimes)
From: "Rodney W. Grimes"
Message-Id: <199906302327.QAA12865@gndrsh.aac.dev.com>
Subject: Re: cvs commit: src/etc services
In-Reply-To: <74394.930775050@zippy.cdrom.com> from "Jordan K. Hubbard" at "Jun 30, 1999 01:37:30 pm"
To: jkh@zippy.cdrom.com (Jordan K. Hubbard)
Date: Wed, 30 Jun 1999 16:27:58 -0700 (PDT)
Cc: Doug@gorean.org (Doug), jkh@FreeBSD.ORG (Jordan K. Hubbard),
	cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

> > radius        1812/tcp   RADIUS
> > radius        1812/udp   RADIUS
>
> Actually, they didn't claim that 1812/1813 were the bogus numbers,
> they claimed that the quoted RFCs were bogus.  In any case, I think
> this is a firm case of a de facto standard colliding with an official
> one and not so much a matter of "right" and "wrong" in any truly
> boolean sense.  I'd still like to hear more about who uses the new
> assignments as defaults - so far I've checked the defaults on our
> local cisco 2501 and Livingston PM2er [ick] and they both use
> 1645/1646.  Any ISP plugging along with the defaults on that equipment
> is going to hit a wall with a radius that has gotten its port
> assignments properly through /etc/services and that's just bogus
> too.
>
> If I were writing radius authentication daemons then I'd probably have
> mine listen on both points, but happily I'm not writing any of those
> these days. :-)

You can actually make almost all of them do that now, you just run
2 copies, one with a -p 1645 and one -p 1812.  I had to do that during
the migration from non-IANA to IANA compliancy.

> > Assuming that you are intent on keeping this quirk, the least that
> > should be done is a PROBLEMS! note added to the file at both locations.
> > AFAIAC, there is justification for keeping the broken behavior, but not
> > commenting it will only cause confusion down the road.
>
> I could certainly live with (and even enthusiastically support) such a
> compromise.  Perhaps the 1812/1813 entries still in there but
> commented out with a notation as to why, along with uncommented
> 1645/1646 entries which also point to the other entries as the
> "official but not often used" ones?  Would that make you and Rod
> happy? :-)

Not really, since it would still cause boxes for those expecting the
1812 to fall over.  I would say just comment out all 4, I am going
around to all our boxes right now and changing things so that it
does not even depend on /etc/services for where it should run at.
That way I won't get bit by the change you just made to the /etc/services
file should I update something before I forget to fix this new buglet...

Most radius installation manuals tell you to go check /etc/services,
and/or add them anyway.

How about something like:

# PROBLEM
# Ports 1645/1646 are the traditional radius usage that was used
# by many vendors without obtaining official IANA assignment.  An
# official assignment is now in conflict with these and one is
# encouraged to migrate to the official ports 1812/1813.
#radius		1645/udp	#RADIUS authentication protocol (RFC 2138)
#radacct	1646/udp	#RADIUS accounting protocol (RFC 2139)
{Official stuff that belongs on 1645 here, also commented out, I just
 don't have it handy}

# PROBLEM
# Ports 1812/1813 are the official IANA assigned radius ports,
# though many vendors have not adopted these as their defaults
# it is what has been assigned.
#radius		1812/udp	#RADIUS authentication protocol (RFC 2138)
#radacct	1813/udp	#RADIUS accounting protocol (RFC 2139)

NOTE:  The citing of RFC2138/2139 is the protocol specification, not
what puts them on these ports.  I think it is RFC2058 that has the
official port numbers and the comments about the bogus use of 1645/1646.

-- 
Rod Grimes - KD7CAX - (RWG25)               rgrimes@gndrsh.dnsmgr.net
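
Added example, not part of the original message: a small check of which port set the names radius and radacct resolve to in a services(5) file, for the two layouts discussed above. It models the lookup as a first-match scan of the file; the sample file contents and the function names parse_services and audit are constructed for illustration.

```python
# Added example: constructed services(5) text, not the real FreeBSD file.
OFFICIAL = {"radius": 1812, "radacct": 1813}  # IANA ports named in the thread
LEGACY = {"radius": 1645, "radacct": 1646}    # vendor defaults named in the thread

# Constructed: 1645/1646 active, 1812/1813 commented out (the compromise).
COMPROMISE = """\
radius   1645/udp   #RADIUS authentication protocol
radacct  1646/udp   #RADIUS accounting protocol
#radius  1812/udp   #official but not often used
#radacct 1813/udp
"""

# Constructed: all four entries commented out (the reply's proposal).
ALL_COMMENTED = """\
#radius  1645/udp
#radacct 1646/udp
#radius  1812/udp
#radacct 1813/udp
"""

def parse_services(text):
    """Map (name, proto) -> port; the first active entry wins."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) < 2:
            continue
        port, sep, proto = fields[1].partition("/")
        if not sep or not port.isdigit():
            continue  # second field is not port/proto; skip the line
        for name in [fields[0]] + fields[2:]:  # service name plus aliases
            table.setdefault((name, proto), int(port))
    return table

def audit(text, proto="udp"):
    """Say which port set each RADIUS name resolves to in this file."""
    table = parse_services(text)
    report = {}
    for name in OFFICIAL:
        port = table.get((name, proto))
        if port is None:
            report[name] = "unset"  # lookup fails; daemon needs -p or a default
        elif port == OFFICIAL[name]:
            report[name] = "official"
        elif port == LEGACY[name]:
            report[name] = "legacy"
        else:
            report[name] = "other:%d" % port
    return report
```

Running audit() over each host's own /etc/services before and after an update shows whether a daemon that takes its port from the file would move away from the port its NAS clients are configured to use.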