Hi Vadim, On 6/14/19 6:39 AM, Vadim Yanitskiy wrote: I think you are reading it wrong / too quickly, or perhaps it's me not expressing it correctly, but to me what you say and what I say there is the same. In there I'm saying auth-policy DIFFERENT THAN "remote" (non-remote) can only take the value "optional". Hence, I'm NOT stating that "remote" cannot take the value "optional". As a result, optional is a possible value for "remote". So the important thing here is: If you are using any auth-policy other than "remote", you MUST use this authentication value (even implicitly since anyway it doesn't make sense and doesn't really apply). If you are using remote, use whichever you want. Same string as above, not repeating. Only places where "require_authentication" is checked are: src/gprs/sgsn_auth.c:115 src/gprs/sgsn_auth.c:177 And both are code paths only executed under condition that auth_policy is SGSN_AUTH_POLICY_REMOTE. Which means "require_authentication" is not checked/used at all for other auth_policy scenarios. So we are safe, the change is not affecting other auth_policy. So I think my patch is fine and actually simplifies older state. I'm happy to rework stuff it you can find any flaw I didn't see. Regards, Pau -- - Pau Espin Pedrol <pespin(a)sysmocom.de> http://www.sysmocom.de/ ======================================================================= * sysmocom - systems for mobile communications GmbH * Alt-Moabit 93 * 10559 Berlin, Germany * Sitz / Registered office: Berlin, HRB 134158 B * Geschaeftsfuehrer / Managing Director: Harald Welte