[H-GEN] Radius for LINUX
Christopher Biggs
chris at stallion.oz.au
Tue Jun 2 01:32:55 EDT 1998
Luke Grant <humbug at term.webexpress.net.au> moved upon the face of the 'Net and spake thusly:
> ok ppl,
> My boss wants to set up a Radius server and client for Linux. Now I
> don't know a thing about this program...in fact I didn't even know it
> existed till yesterday.

RADIUS is a protocol for terminal servers and other dialin servers to
communicate with a central authentication server.

It purports to use cryptography to secure the exchange, but there are
some well publicised weaknesses in the method employed, so its only
real advantage is to provide central authentication.

The idea is that your password database lives in one spot, and all the
other systems use the authentication server to validate passwords.

For example, a terminal server answers modem, gets username, sends to
radius server "Here's jbloggs, what do I do". RADIUS server says
"give em PPP" or "ask for a password" or whatever. Terminal server
gets password, says "Hey RADIUS, Here's the password", RADIUS server
says yay or nay, and can say "call them back, or open a telnet to
this host, or give em PPP with this address, or give em a shell, or
give em a root shell".

Several free RADIUS server implementations work on Linux. The MERIT
radius server can be FTPd from ftp://ftp.merit.edu/radius/.

There is also a radius *client* program for Linux, which allows you to
use RADIUS to authenticate dialin clients of a Linux box (e.g. with a
multiport serial card and a rack of modems). See the LSM for
location.

The main difficulty with RADIUS is that almost every[1] terminal
server manufacturer has their own proprietary extensions to the RADIUS
protocol[2], and you might have to tweak the data-dictionary of the
server to add in the vendor extensions used by your hardware.

Chris.
[1] Except us.
[2] Admittedly, the protocol does explicitly allow for "vendor extensions"
--
| Christopher Biggs email:chris at stallion.oz.au | One of the founding membata,|
| Stallion Technologies, Queensland, Australia | Society for Creative Pluri. |
| VoiceNet +61-7-3270-4266 Fax +61-7-3270-4245 | Linux: To connect and serve |
| Send mail with "Subject: sendpgpkey" for my PGP public key. MIME mail OK |
----------------------- HUMBUG General List --------------------------------
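
The data-dictionary point in the reply above, as an added example that is not part of the original post or of any RADIUS server's code: a decoder for the RFC 2865 attribute layout, showing a vendor extension staying unnamed until the dictionary has an entry for it. The vendor id 99999, the name Example-Idle-Timeout and the sample packet are constructed for illustration.

```python
import struct

# Attribute numbers from RFC 2865; 26 is the container for vendor extensions.
STANDARD = {1: "User-Name", 6: "Service-Type", 7: "Framed-Protocol",
            8: "Framed-IP-Address"}

def attr(atype, value):
    """Encode one attribute: type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor_id, vtype, value):
    """Attribute 26: 4-byte vendor id, then the vendor's own type/length/value."""
    return attr(26, struct.pack("!I", vendor_id) + attr(vtype, value))

def packet(code, ident, attrs):
    body = b"".join(attrs)
    # Authenticator is zeroed in this sample; a real server computes it.
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

def decode(pkt, vendor_dict):
    """Return (name, value) pairs, rejecting inconsistent length fields."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= length <= len(pkt):
        raise ValueError("bad packet length field")
    out, pos = [], 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, value = pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]
        if atype == 26:
            # Only the first sub-attribute is decoded in this example.
            if len(value) < 6 or value[5] < 2 or 4 + value[5] > len(value):
                raise ValueError("bad vendor sub-attribute")
            vendor, vtype = struct.unpack("!I", value[:4])[0], value[4]
            name = vendor_dict.get((vendor, vtype), f"Unknown-VSA-{vendor}-{vtype}")
            out.append((name, value[6:4 + value[5]]))
        else:
            out.append((STANDARD.get(atype, f"Unknown-{atype}"), value))
        pos += pkt[pos + 1]
    return out

# Constructed Access-Accept (code 2): "give em PPP with this address" plus one
# extension from a hypothetical vendor (id 99999, type 1).
SAMPLE = packet(2, 1, [attr(6, struct.pack("!I", 2)), attr(7, struct.pack("!I", 1)),
                       attr(8, bytes([192, 0, 2, 10])), vsa(99999, 1, b"idle=600")])

if __name__ == "__main__":
    print(decode(SAMPLE, {})[-1])                                   # stock dictionary
    print(decode(SAMPLE, {(99999, 1): "Example-Idle-Timeout"})[-1])  # entry added
```
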