Authentication Failure and User Attributes


Authentication Failure and User Attributes

by robert_w_brandt

I have a little problem that I would like to fix:

My setup right now works great; however, there is only one little problem: even if the user is rejected (i.e. incorrect password), all the user attributes are still returned.  I think this is a slight security risk, since all you need to know is the username to retrieve information about the network...

I am trying to stop this by placing an entry at the top of the users file, but I cannot figure out what variable to test for.

Any ideas? Where would I look?

Thanks
Bob

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication Failure and User Attributes

by Alan DeKok-2

Bob Brandt wrote:
> My setup right now works great, however there is only one little problem,
> even if the user is rejected (i.e. incorrect password) all the user
> attributes are still returned.  I think this is a slight security risk,
> since all you need to know is the username to retrieve information about
> the network...

  That information goes to the NAS.  It doesn't go to the end user.

  There is no security issue.

  Alan DeKok.

Re: Authentication Failure and User Attributes

by Bjørn Mork

Bob Brandt <bob@...> writes:

> I have a little problem that I would like to fix:
>
> My setup right now works great, however there is only one little problem, even
> if the user is rejected (i.e. incorrect password) all the user attributes
> are still returned.  I think this is a slight security risk, since all you
> need to know is the username to retrieve information about the network...
>
> I am trying to stop this by placing an entry at the top of the users file,
> but I can not figure out what variable to test for?
>
> Any ideas? Where would I look?

raddb/attrs.access_reject



Bjørn

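
What a filter file such as raddb/attrs.access_reject does to a rejected reply, as an added example that is not part of the thread and not FreeRADIUS code: a simplified Python model that reads an allow-list written in the `Attribute =* ANY` style and strips every other attribute from the reply. The filter text, the attribute values and the function names are constructed for illustration, and only the `=* ANY` rule under a `DEFAULT` entry is modelled.

```python
import re

# Constructed allow-list in the "Attribute =* ANY" style used by
# rlm_attr_filter files (assumed content, not the poster's actual file).
FILTER_TEXT = """
# attributes allowed to remain in an Access-Reject
DEFAULT
    EAP-Message =* ANY,
    State =* ANY,
    Message-Authenticator =* ANY,
    Reply-Message =* ANY,
    Proxy-State =* ANY
"""

# Constructed reply list: attributes attached by the users file before
# the password check failed.
REPLY_BEFORE = [
    ("Reply-Message", "Login incorrect"),
    ("Framed-IP-Address", "192.0.2.10"),
    ("Framed-IP-Netmask", "255.255.255.0"),
    ("Tunnel-Private-Group-Id", "120"),
    ("Proxy-State", "0x01"),
]

RULE = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\*\s*ANY\s*,?\s*$")

def parse_allowed(text):
    """Return the attribute names listed under DEFAULT with '=* ANY'."""
    allowed, in_default = set(), False
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        if not line[0].isspace():               # unindented line starts an entry
            in_default = line.strip() == "DEFAULT"
            continue
        m = RULE.match(line)
        if in_default and m:
            allowed.add(m.group(1))
    return allowed

def filter_reject(reply, allowed):
    """Split reply pairs into (kept, stripped) as an allow-list filter would."""
    kept = [p for p in reply if p[0] in allowed]
    stripped = [p for p in reply if p[0] not in allowed]
    return kept, stripped

if __name__ == "__main__":
    kept, stripped = filter_reject(REPLY_BEFORE, parse_allowed(FILTER_TEXT))
    print("sent in Access-Reject:", kept)
    print("removed:", stripped)
```
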