Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) The USR Total control chassis (fwd)
> Once upon a time Phillip Vandry shaped the electrons to say...
> >You can note the current setting of this option in the "sh global" output:
> > Extd. IPXCP Opts: OFF Acct AuthChk: ON Send DNS info: ON
> >The default, OFF, is **BAD**! (Why is it the default?)
>
> History. People are still running servers that don't handle this, and
> breaking things overnight with a new OS is rude. So they kept things the
> same as always by default, but allow people to turn it on if needed.
In this case I quite disagree.
If previous releases of the code did not set the authentication key, then
any RADIUS server that did not check the Authenticator would work and
any RADIUS server that did would break.
If they had changed the default, then those RADIUS servers that used to
work will continue to not check the Authenticator and still work, and the
ones that did check will now work.
No chance of breaking anything by changing this, I would say!
> Like on PMs - in 3.5 we started doing VLSM and honoring RADIUS netmasks set
> for users. Now, since we didn't in the past people have some pretty poor
> netmasks set in RADIUS - like "255.255.255.0" which would route a /24 to
> the user. So it is off by default and 'set user-netmask on' is used to
> tell ComOS to honor the netmasks. Gives people time to clean up the mess
> and prepare to use it. Maybe eventually it'll be on by default, once it
> has been out for a while.
That's a different, and debatable case, because there really is a
potetial breakage.
-Phil
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
References: