(RADIATOR) Apache 2, Radiator and token authentication

Mike McCauley mikem at open.com.au
Wed Nov 3 21:14:40 CST 2004


Hello all,

We have spent some time recently testing Apache 2 and mod_auth_radius with 
Radiator.
mod_auth_radius is a plugin authenticator for Apache (1 and 2). It's available 
from https://www.gnarst.net/authradius, and precompiled binaries and RPMs for 
a number of platforms are available on the net.

It works by sending Radius PAP authentication requests in response to HTTP 
Basic authentications. It's highly configurable and works well.

One interesting feature (which makes it better than other Radius 
authentication methods for Apache) is that it uses cookies to maintain 
authentication for a configurable period of time. The user will not be 
required to re-enter their password until the cookie expires. This is very 
useful for one-time-password and token authentication systems such as 
SecurID and Digipass, and it also prevents overloading of the Radius server. 
The default behaviour expires cookies after 60 minutes, but this can be 
configured with AddRadiusCookieValid.

We were particularly interested to test this with Radiator and tokens such as 
ACE and Digipass, and it works fine.

Some people may be interested in the ability to restrict access to some parts 
of a web server to members of staff only, by using a token based system such 
as SecurID or Digipass to authenticate access.

We have added documentation about how to configure mod_auth_radius for Apache 
in goodies/apache2-radius.txt, which is currently available in the Radiator 
3.11 patch set.


We tested it successfully with the example goodies/digipass.cfg provided with 
Radiator.


-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
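
The request flow described in the message (HTTP Basic credentials turned into a RADIUS PAP Access-Request), as an added example that is not part of the original post and is not mod_auth_radius or Radiator code. The helper names, shared secret, user name and passcode are constructed for illustration; the User-Password hiding follows RFC 2865 section 5.2.

```python
import base64, hashlib, os, struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2   # RFC 2865 code / attribute types
# Constructed sample: what a browser sends for user "alice" with token code "123456".
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:123456").decode()

def parse_basic(header):
    """Split an HTTP Authorization header value into (user, password) bytes."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, sep, password = base64.b64decode(blob.strip(), validate=True).partition(b":")
    if not sep:
        raise ValueError("missing ':' between user and password")
    return user, password

def hide_password(password, secret, authenticator):
    """PAP User-Password hiding: XOR 16-byte blocks with chained MD5(secret + prev)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """What the RADIUS server does with the same shared secret to recover the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(header, secret, ident=1, authenticator=None):
    """Build the Access-Request packet for one HTTP Basic login attempt."""
    user, password = parse_basic(header)
    authenticator = authenticator or os.urandom(16)   # must be unpredictable per request
    attrs = b""
    for attr_type, value in ((USER_NAME, user),
                             (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

if __name__ == "__main__":
    print(access_request(SAMPLE_HEADER, b"constructed-shared-secret").hex())
```

The passcode is protected on the wire only by the shared secret, and with one-time tokens each code is consumed by a single Access-Request, which is why the cookie described above matters: later page loads must not replay the code to the RADIUS server.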
