Re: How to enable Freeradius to support a smart card with AES

03-12-2007
yao guoxian
 
Thanks, Alan.
But I have a few questions.
First, if I create a new attribute "My-Aes-Password" and include it in
the Access-Request packet, I should not include attributes such as
"User-Password" or "Chap-Password". Is that right?
I ask because I have read RFC 2865, and page 64 says: "[Note
1] An Access-Request MUST contain either a User-Password or a
CHAP-Password or State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow other
kinds of authentication information to be conveyed, the attribute for
that can be used in an Access-Request instead of User-Password or
CHAP-Password."
The second question is about how to write modules. Sorry to ask the same
question, but I want to verify my plan to see if it is practical. The plan is
as follows: I don't amend the module "rlm_chap"; I just copy all files in
./src/modules/rlm_chap/ to a new directory "rlm_aes" and rename the files
rlm_chap.* to rlm_aes.*. Then I edit rlm-chap.c to alter it to use AES
to analyze the request packet. Is it practical?

2007/2/3, Alan DeKok <aland@deployingradius.com>:
>
> yao guoxian wrote:
> > Second, suppose we have enabled the NAS (client) and Freeradius to support
> > our specified attribute "My-Aes-Password", how to write the new module
> > to handle the attribute?
>
> See the examples & the documentation. What about them is unclear?
>
> > Third, how to enable Freeradius and NAS (client) to support our new
> > attribute? Does it need to append the dictionary file a new entry?
>
> All of this is documented.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
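
The RFC 2865 Note 1 rule quoted in the post, written out as a bounds-checked attribute walk over an Access-Request. This is an added example, not code from the original post or from FreeRADIUS. The function name, the result codes and the type code 224 used for "My-Aes-Password" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { USER_PASSWORD = 2, CHAP_PASSWORD = 3, STATE = 24 };  /* RFC 2865 type codes */
enum { MY_AES_PASSWORD = 224 };  /* assumption: made-up code for the poster's attribute */
enum { AR_OK = 0, AR_MALFORMED = -1, AR_BOTH_PASSWORDS = -2, AR_NO_CREDENTIAL = -3 };

/* Apply RFC 2865 Note 1 to an Access-Request. ext_type is an extension
 * attribute accepted in place of User-Password/CHAP-Password (0 = none). */
int check_access_request(const uint8_t *pkt, size_t len, uint8_t ext_type)
{
    /* 20-byte header (code, id, length, authenticator); code 1 = Access-Request */
    if (len < 20 || pkt[0] != 1) return AR_MALFORMED;
    size_t plen = ((size_t)pkt[2] << 8) | pkt[3];
    /* the Length field must cover the header and fit inside the datagram */
    if (plen < 20 || plen > len) return AR_MALFORMED;

    int user = 0, chap = 0, state = 0, ext = 0;
    for (size_t off = 20; off < plen; ) {
        if (plen - off < 2) return AR_MALFORMED;        /* truncated type/length */
        uint8_t type = pkt[off], alen = pkt[off + 1];
        /* alen < 2 would never advance; alen past the end would over-read */
        if (alen < 2 || (size_t)alen > plen - off) return AR_MALFORMED;
        if (type == USER_PASSWORD) user = 1;
        else if (type == CHAP_PASSWORD) chap = 1;
        else if (type == STATE) state = 1;
        else if (ext_type != 0 && type == ext_type) ext = 1;
        off += alen;
    }
    if (user && chap) return AR_BOTH_PASSWORDS;         /* "MUST NOT contain both" */
    if (!(user || chap || state || ext)) return AR_NO_CREDENTIAL;
    return AR_OK;
}

/* Constructed packets: code 1, id 7, zeroed authenticator and attribute values. */
const uint8_t PKT_AES_ONLY[26] = { [0] = 1, [1] = 7, [3] = 26,
    [20] = MY_AES_PASSWORD, [21] = 6 };
const uint8_t PKT_BOTH[57] = { [0] = 1, [1] = 7, [3] = 57,
    [20] = USER_PASSWORD, [21] = 18, [38] = CHAP_PASSWORD, [39] = 19 };
const uint8_t PKT_BAD_LEN[24] = { [0] = 1, [1] = 7, [3] = 24,
    [20] = MY_AES_PASSWORD, [21] = 9 };  /* attribute claims 9 bytes, 4 remain */

int main(void)
{
    printf("%d %d %d\n", check_access_request(PKT_AES_ONLY, sizeof PKT_AES_ONLY, MY_AES_PASSWORD),
           check_access_request(PKT_BOTH, sizeof PKT_BOTH, 0),
           check_access_request(PKT_BAD_LEN, sizeof PKT_BAD_LEN, 0));
    return 0;
}
```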

