(RADIATOR) Novell eDirectory Universal Password support

Mike McCauley mikem at open.com.au
Fri Mar 11 16:00:26 CST 2005


Hello Jim,


On Saturday 12 March 2005 01:13, Jim Michael wrote:
> Excellent news! Can you tell me how this type of authentication differs
> from the one we're using now, where we bind to eDirectory via LDAP to check
> the user's "real" eDirectory password?

The difference is that using ServerChecksPassword to bind as the user and 
check the password can only be used with authentication methods that send the 
cleartext password from the NAS to the Radius server (i.e. with PAP and 
TTLS-PAP). It cannot be used with CHAP, MSCHAP, MSCHAPV2, LEAP, MD5 etc.

By fetching the plaintext UP from eDirectory, Radiator can authenticate other 
methods too, including all the EAP wireless ones.

If you are only interested in PAP or TTLS-PAP, availability of UP doesn't make 
any difference to you.

Cheers.

>
> Jim
>
> >>> Mike McCauley <mikem at open.com.au> 3/11/2005 12:22:30 AM >>>
>
> We are pleased to announce the addition to Radiator of support for Novell
> eDirectory Universal Passwords.
>
> Novell eDirectory is a widely used LDAP based directory service, often used
> to manage users and passwords for large Windows and Unix systems. It runs
> on Windows, Linux, Solaris and HPUX.
>
> Novell eDirectory now supports Universal Password, a mechanism for using
> a single password for each user to authenticate access to many different
> services on Windows and Unix.
>
> Recent patches to Radiator include the option to fetch the Universal
> Password from eDirectory for each user, and use that to authenticate PAP,
> CHAP, MSCHAP, MSCHAPV2, EAP-TLS, EAP_TTLS-*, PEAP, EAP_MSCHAP,
> EAP-MD5, LEAP etc.
>
> Included are sample configuration files, including a configuration that
> will work with all the EAP methods mentioned above. Also included are
> detailed instructions for installing and configuring eDirectory 8.7.3 on
> Linux and interoperating with Radiator.
>
> The patches are included in the latest Radiator 3.11 patch set.
>
> Feedback and comments to me please.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
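
Added example (not part of the original message, and not Radiator code): a sketch of why a bind-only password check can serve PAP but not CHAP, while a directory that returns the plaintext password can serve both. The two directory classes, the request dictionaries and the sample user are hypothetical stand-ins; the CHAP response formula is the one from RFC 1994.

```python
import hashlib
import hmac
import os

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

class BindOnlyDirectory:
    """Hypothetical stand-in: can only confirm a cleartext password (bind as user)."""
    def __init__(self, users):
        self._salt = os.urandom(16)
        self._stored = {u: self._digest(p) for u, p in users.items()}
    def _digest(self, password: bytes) -> bytes:
        return hashlib.sha256(self._salt + password).digest()
    def bind(self, user: str, password: bytes) -> bool:
        stored = self._stored.get(user)
        return stored is not None and hmac.compare_digest(stored, self._digest(password))

class PlaintextDirectory(BindOnlyDirectory):
    """Hypothetical stand-in: can also hand back the user's plaintext password."""
    def __init__(self, users):
        super().__init__(users)
        self._plain = dict(users)
    def fetch_password(self, user: str):
        return self._plain.get(user)

def authenticate(directory, req) -> str:
    if req["method"] == "PAP":
        # The RADIUS server has recovered the cleartext password, so a bind is enough.
        return "accept" if directory.bind(req["user"], req["password"]) else "reject"
    if req["method"] == "CHAP":
        fetch = getattr(directory, "fetch_password", None)
        if fetch is None:
            # Only a one-way MD5 response arrived: there is nothing to bind with.
            return "unsupported"
        password = fetch(req["user"])
        if password is None:
            return "reject"
        expected = chap_response(req["id"], password, req["challenge"])
        return "accept" if hmac.compare_digest(expected, req["response"]) else "reject"
    return "unsupported"

# Constructed sample data (not taken from the thread).
USERS = {"jim": b"s3cret-example"}
CHALLENGE = bytes(range(16))
PAP_REQ = {"method": "PAP", "user": "jim", "password": b"s3cret-example"}
CHAP_REQ = {"method": "CHAP", "user": "jim", "id": 7, "challenge": CHALLENGE,
            "response": chap_response(7, b"s3cret-example", CHALLENGE)}
```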
