[RADIATOR] Radiator Version 4.6 released
Hugh Irvine
hugh at open.com.au
Fri Feb 5 00:18:30 CST 2010
Hi Mikey -
Downloaded and tested OK on MacOS X 10.6.2.
Thanks!
cheers
Hugh
On 5 Feb 2010, at 15:53, Mike McCauley wrote:
> We are pleased to announce the release of Radiator version 4.6
>
> This version contains some new features and minor bug fixes.
>
> As usual, the new version is available to current licensees from:
> http://www.open.com.au/radiator/downloads/
>
> and to current evaluators from:
> http://www.open.com.au/radiator/demo-downloads
>
> Licensees with expired access contracts can renew at:
> http://www.open.com.au/renewal.php
>
> An extract from the history file
> http://www.open.com.au/radiator/history.html is below:
>
> -----------------------------
>
> Revision 4.6 (2010-02-05) New features and some bug fixes.
>
> Improved AuthLog SYSLOG to support multiple SYSLOG clauses with
> different LogHost and LogSock options. No comnpatible with
> multiple Log SYSLOG clauses. Reported by "Martin van der Walle".
>
> Improvements to example init script for Linux in linux-radiator.init, to be
> compliant with LSB requirements in http://wiki.debian.org/LSBInitScripts
>
> AuthBy LDAP2 now detects LDAP_INVALID_DN_SYNTAX errors and
> interprets them as a per-request error and not a connection
> failure. When LDAP_INVALID_DN_SYNTAX error occurs, the LDAP
> connection wil not be shut down. Requested by Dawn Lovell.
>
> Fixed a problem in Server TACACSPLUS where an AuthorizeGroup of the form
> AuthorizeGroup group1 permit service=shell cmd\* {autocmd="telnet
> 169.163.226.81"}
> (ie with double quotes surrounding the predicate) would result
> in the autocmd being sent incorrectly with 2 equals signs.
>
> AuthBy SQLYUBIKEY now supports static passwords in any format
> supported by Radiator, including plaintext, {SHA}, {crypt},
> {MD5}, {rcrypt}, {mysql}, {mssql}, {nthash}, {dechpwd},
> {NS-MTA-MD5}, {clear} etc. TranslatePasswordHook is also
> supported. Suggested by Jerome Fleury.
>
> Minor updates to Yubikey documentation to reflect the fact that
> AES keys must be programmed into each Yubikey before being
> imported into the SQLYUBIKEY database. Changes to AuthBy
> SQLYUBIKEY default SQL queries to work better with databases
> where the tokenID and AES key are in Hex. Yubikey keys may now be
> present in the database in either hex (no spaces) or base64
> format. But the default queries assume the Token ID and AES
> secret are in Hex, and that there is a one-to-one mapping between
> users and Yubikeys. Other options are available with custom SQL
> queries.
>
> Fixed a problem in AuthBy SQLYUBIKEY where it would sometimes
> incorrectly detect a replay attack in during multiple
> authentication of the same Yubikey session. General improvements
> to the AuthBy SQLYUBIKEY replay detection. Replay detection now
> uses the session counter and the session_use counter. The
> timestamp is not used. The database column that previously held
> the timestamp_low is used for the session_use counter. The
> database column that previously held the timestamp_high is not
> used.
>
> Updated install.html installation instructions for Windows.
>
> Improvements to AuthBy EAPBALANCE and AuthBy HASHBALANCE to work
> better in multi-AP roaming TTLS/PEAP session resumption
> environments. The default behaviour of AuthBy HASHBALANCE is to
> compute the HASH based on the same attributes as the EAP
> context. This prevents false detection of loss of continuity in
> EAP streams. AuthBy EAPBALANCE now sets the State in all replies
> in an EAP stream, not just the first, in order to work correctly
> with some non-compliant APs. AuthBy HASHBALANCE is deprecated in
> favour of AuthBy EAPBALANCE in any EAP-capable environment.
>
> In Server DIAMETER, fixed a problem that prevented some RADIUS
> reply attributes being correctly translated into Diameter reply
> attributes.
>
> Added new module AuthBy SQLMOTP for MOTP authentication, a new
> strong, two-factor authentication with mobile phones. See
> http://motp.sourceforge.net for details. Sample configuration and
> SQL schema supplied. Modifications to radpwtst to support new
> -motp_secret flag, allowing it to be used to test AuthBy SQLMOTP
> like:
> radpwtst -noacct -motp_secret 7ac61d4736f51a2b -password 1234
>
>
>
> The password argument is used as the MOTP PIN, and the
> motp_secret is used as the MOTP secret key. AuthBy SQLMOTP
> originally submitted by Jerome Fleury.
>
> In diapwtst, fixed a problem that would result in an incorrect
> status report: "Unexpected result code: DIAMETER_SUCCESS".
>
> Improvements to the internal structure of ServerDIAMETER.pm,
> making it easier to override handling of specific Diameter
> request types.
>
> Fixed a problem with AuthBy VOLUMEBALANCE, where if multiple
> failed hosts are configured with FailureBackoffTime of 0, it was
> possible for a request to be handed to each host in turn forever.
>
> Added new sample configuration file goodies/crypto-mas.cfg,
> showing how to proxy requests to the Cryptocard MAS (Managed
> Authentication Service) CRYPTO-MAS. See
> http://www.cryptocard.com/
>
> Added new parameter MaxTargetHosts to AuthBy
> VOLUMEBALANCE. Limits the number of different hosts a request
> will be proxied to in the case of no reply. Defaults to 0 which
> mean no limit: if the load balancer does not receive a reply from
> a host, it will keep trying until all hosts are exhausted.
>
> Improvements tp RPM spec file to permit installation with Perls
> that do not include /usr/lib/perl5/site_perl/, such as
> SLES. Reported by Frank Messie.
>
> Improvements to the rpm: make target so the RPM build correctly
> uses the local perl version number for links in the Perl
> lib. Contributed by Bjoern.
>
> Updated expired test certificates.
>
> Fixed a problem with incorrect type in replies to proxied
> Change-Filter-Request. Reported by Belmont Cheung.
>
> Added support for UpdateQuery in SessionDatabase SQL. Patch
> supplied by Jose Borges Ferreira.
>
> Added support for RFC 4818 compliant packing and unpacking of
> Delegated-IPv6-Prefix. Added new dictionary type ipv6prefix.
>
> The TacacsPlus group cache GroupCacheFile now uses the IP address
> of the client as part of the key, so that in situations where the
> group name depends on the client the correct group name wil be
> retrieved.
>
> Some Expiration check items in the sample users file had actually
> expired, causing the test suite to incorrectly fail on tests 2l,
> 2m, 3g and 3h.
>
> Fixed a problem that could cause incorrect authentication of HOTP
> passwords with leading zeroes.
>
> Added support for TOTP (Time-based one-time-passwords) as
> specified in draft-mraihi-totp-timebased-04.txt. Sample
> configuration and database schema included.
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
> on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
> -------------------------------------------------------
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd
> 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
> Phone +61 7 5598-7474 Fax +61 7 5598-7070
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, DIAMETER etc. Full source
> on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list