Notes on SHOULD set "require_message_authenticator"

author Alan T. DeKok <aland@freeradius.org>

Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)

committer Alan T. DeKok <aland@freeradius.org>

Wed, 4 Aug 2010 13:21:21 +0000 (15:21 +0200)
author Alan T. DeKok <aland@freeradius.org>
Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)
committer Alan T. DeKok <aland@freeradius.org>
Wed, 4 Aug 2010 13:21:21 +0000 (15:21 +0200)
diff --git a/raddb/proxy.conf b/raddb/proxy.conf

index f389bbe..5527ce9 100644 (file)
--- a/raddb/proxy.conf
+++ b/raddb/proxy.conf
@@ -233,8 +233,13 @@ home_server localhost {
         #  packets sent to that home server will have a
         #  Message-Authenticator attribute.
         #
+       #  We STRONGLY recommend that this flag be set to "yes"
+       #  for ALL home servers.  Doing so will have no performance
+       #  impact on the proxy or on the home servers.  It will,
+       #  however, allow administrators to detect problems earlier.
+       #
         #  allowed values: yes, no
-       require_message_authenticator = no
+       require_message_authenticator = yes
  
         #
         #  If the home server does not respond to a request within
author	Alan T. DeKok <aland@freeradius.org>
	Wed, 4 Aug 2010 08:34:59 +0000 (10:34 +0200)
committer	Alan T. DeKok <aland@freeradius.org>
	Wed, 4 Aug 2010 13:21:21 +0000 (15:21 +0200)