(RADIATOR) chap and multiple radius proxying

[Tariq Rashid]

hi,

will CHAP authentication work though radius proxying - multiple proxying
even.

PAP will, but with CHAP you have a challenge sent back to the client - in
theory it should make its way back to the client, which then responds to the
challenge. does this work in practise?

a further complication is that a first layer of proxy radius servers will
forward the request to one of a group of secondary radius servers, before
finally sending the request to the target home servers. the issue i see is
that the reponse to the challenge may go via a different second layer - even
though it should still reach the target home server. 

does anyone have experience in this?

diagram:

  <client> ----> <proxy 1> ----> <proxy A> -------> <target radius>
                        |                          /
                        \------> <proxy B? -------

the problem i see is that the initial request goes via proxy1 and proxyA to
the target, which sends back a challenge, which makes its way back to the
client. the client responds but this time the proxy1 balances the request to
proxyB - will te target radius fail or ignore this final step of the CHAP
handshake?

tariq

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.