(RADIATOR) chap and multiple radius proxying
Tariq Rashid
tariq.rashid at uk.easynet.net
Fri Apr 29 08:23:45 CDT 2005
hi,
will CHAP authentication work though radius proxying - multiple proxying
even.
PAP will, but with CHAP you have a challenge sent back to the client - in
theory it should make its way back to the client, which then responds to the
challenge. does this work in practise?
a further complication is that a first layer of proxy radius servers will
forward the request to one of a group of secondary radius servers, before
finally sending the request to the target home servers. the issue i see is
that the reponse to the challenge may go via a different second layer - even
though it should still reach the target home server.
does anyone have experience in this?
diagram:
<client> ----> <proxy 1> ----> <proxy A> -------> <target radius>
| /
\------> <proxy B? -------
the problem i see is that the initial request goes via proxy1 and proxyA to
the target, which sends back a challenge, which makes its way back to the
client. the client responds but this time the proxy1 balances the request to
proxyB - will te target radius fail or ignore this final step of the CHAP
handshake?
tariq
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list