[RADIATOR] Multiple authentication methods

SPirrottina at qtc.com.au SPirrottina at qtc.com.au
Wed Jul 15 23:44:42 CDT 2009 

Hi Hugh

Thanks for your response.

Basically some users will use hardware tokens, some will use SMS 
authentication, and others may need the option of using one or the other 
(for example, there may not be mobile coverage to receive an SMS, so they 
may use a hardware token)

I've thought of a way I can do this through our remote ssl vpn appliance 
(Juniper) using different realms and sign in pages.  I was thinking SMS 
users would authenticate using Radiator, and hardware token users can 
authenticate directly to RSA AM, without going through Radius.

I was wondering what Radiator can do in relation to this?

Thanks

Regards
Steve Pirrottina | Network Administrator
I.T Systems and Support | Queensland Treasury Corporation
p: 07 3842 4677 | f: 07 3842 4910
e: spirrottina at qtc.com.au | w: www.qtc.com.au




From:
Hugh Irvine <hugh at open.com.au>
To:
SPirrottina at qtc.com.au
Cc:
radiator at open.com.au
Date:
16/07/2009 14:31
Subject:
Re: [RADIATOR] Multiple authentication methods
Sent by:
radiator-bounces at open.com.au




Hello Steve -

There are a number of ways of classifying requests, not just the Realm 
suffix on a username string.

You can indeed have multiple AuthBy clauses in a Realm or Handler, or 
you can set up different Handlers if there is something in the request 
to differentiate the requests.

If you can give me a bit more detail I will try to make some sensible 
suggestions.

regards

Hugh



On 16 Jul 2009, at 12:05, SPirrottina at qtc.com.au wrote:

> Hi
>
> We are evaluating RSA AM 7.1 with Radiator and have a query in 
> relation to Radiator and authenticating using different methods.
>
> We will have a requirement to have some users authenticating using 
> RSA hardware tokens, and some users via OnDemand SMS 
> authentication.  I noticed in a document published on RSA's website 
> that the way to do this with Radiator is to have different 
> authenticating groups and assign different Realms for each category 
> of user, and this is based on their username.
>
> Can this be done any other way as all our users have the same 
> username naming convention so this wouldn't work for us?  Is it  not 
> possible to have two authentication methods in one realm?
>
> Thanks for your help.
>
>
>
> Regards
> Steve Pirrottina | Network Administrator
> I.T Systems and Support | Queensland Treasury Corporation
> p: 07 3842 4677 | f: 07 3842 4910
> e: spirrottina at qtc.com.au | w: www.qtc.com.au
> *************************
> Queensland Treasury Corporation 
> Level 14, 61 Mary Street, Brisbane, Queensland 4000  
> (PO Box 1096, Brisbane Qld 4001) 
> T: +61 7 3842 4600
> www.qtc.com.au
>
> This email and any attachments (collectively, 'this message') is 
> intended only for the addressee and may be confidential and 
> privileged. None of its contents may be disclosed to, or relied upon 
> by, any other party without our written consent. If you are not the 
> addressee, you must not copy or use this message for any purpose, 
> nor disclose its contents to anyone. Please delete it and notify QTC 
> immediately by telephoning +61 7 3842 4600 or emailing the sender.
>
> Any opinion or advice provided in this message is subject to any 
> assumptions noted within it and the assumption that the current 
> economic, political and/or commercial environment does not 
> materially alter. QTC does not warrant or guarantee any outcome or 
> forecast in this message. Any opinion or advice in this message is 
> provided by QTC in good faith on the basis of information supplied 
> to QTC, which may not have been independently verified by QTC. 
> Accordingly, QTC does not represent that the opinion or advice is 
> accurate or complete and it should not be relied upon as such. 
> Unless stated otherwise, the views expressed in this message are 
> those of the individual sender, not those of QTC.
>
> To the extent permitted by law, neither QTC nor any of its 
> employees, contractors, servants or agents accept any responsibility 
> and liability whatsoever for any expense, damage, claim, cause of 
> action, loss or costs, incurred by any person in connection with 
> that person or any other person placing any reliance on, or acting 
> or refraining to act on the basis of, the contents of this message.
>
> QTC does not warrant that any attachments to this email are free 
> from viruses or other corruption, and recommends that you scan them 
> for viruses before opening. QTC accepts no liability for any loss 
> caused if this message contains a virus or is otherwise corrupted.
>
> QTC respects your privacy, and our privacy plan is available on our 
> website.
>
> If you are a QTC public sector customer, please visit our website 
> for information about registering to access our secure customer sub- 
> site.
>
> < 
> OSC_Radiator_RSAAM_4.3.1_AuthMan7.1 
> .pdf>_______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (
www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


_______________________________________________
radiator mailing list
radiator at open.com.au
http://www.open.com.au/mailman/listinfo/radiator


*************************
Queensland Treasury Corporation		
Level 14, 61 Mary Street, Brisbane, Queensland 4000		
(PO Box 1096, Brisbane Qld 4001)		
T: +61 7 3842 4600
www.qtc.com.au

This email and any attachments (collectively, 'this message') is intended only for the addressee and may be confidential and privileged. None of its contents may be disclosed to, or relied upon by, any other party without our written consent. If you are not the addressee, you must not copy or use this message for any purpose, nor disclose its contents to anyone. Please delete it and notify QTC immediately by telephoning +61 7 3842 4600 or emailing the sender.

Any opinion or advice provided in this message is subject to any assumptions noted within it and the assumption that the current economic, political and/or commercial environment does not materially alter. QTC does not warrant or guarantee any outcome or forecast in this message. Any opinion or advice in this message is provided by QTC in good faith on the basis of information supplied to QTC, which may not have been independently verified by QTC. Accordingly, QTC does not represent that the opinion or advice is accurate or complete and it should not be relied upon as such. Unless stated otherwise, the views expressed in this message are those of the individual sender, not those of QTC.

To the extent permitted by law, neither QTC nor any of its employees, contractors, servants or agents accept any responsibility and liability whatsoever for any expense, damage, claim, cause of action, loss or costs, incurred by any person in connection with that person or any other person placing any reliance on, or acting or refraining to act on the basis of, the contents of this message.

QTC does not warrant that any attachments to this email are free from viruses or other corruption, and recommends that you scan them for viruses before opening. QTC accepts no liability for any loss caused if this message contains a virus or is otherwise corrupted.

QTC respects your privacy, and our privacy plan is available on our website.

If you are a QTC public sector customer, please visit our website for information about registering to access our secure customer sub-site. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20090716/e40bd0ce/attachment.html

More information about the radiator mailing list