[RADIATOR] Security settings for Wireless Network

Heikki Vatiainen hvn at open.com.au
Fri Jun 8 06:41:53 CDT 2012


On 06/08/2012 07:31 AM, Sudhir Harwalkar wrote:

> I need some information regarding WiFi security parameters,
> 
> 1. User ID –
> 
> a. Does it accept special characters such as - * ‘ # etc.

Please see this for what can be used for User-Name:
http://tools.ietf.org/html/rfc4282

In practice '-' should be safe but the others may or may not be allowed
by clients, NASes and Radius servers. I would not use them.

> b. What’s the minimum length acceptable?

See this:
http://tools.ietf.org/html/rfc2865#section-5.1

You should read it for more details, but 1 is minimum. In practice some
devices may leave it completely empty.

   String
      The String field is one or more octets.  The NAS may limit the
      maximum length of the User-Name but the ability to handle at least
      63 octets is recommended.

> 2. PAC –
> 
> a. Does it accept ASCII only or hex input is okay?

See this: http://tools.ietf.org/html/rfc4851#section-3.2.2

PAC has many components. Quote for PAC-Key: "The PAC-Key is randomly
generated by the EAP server to produce a strong entropy 32-octet key"

This rules out ASCII. Please read the RFC for more information.

> b. Does EAP FAST also need an username in addition to PAC?

This depends on the inner (phase 2) authentication. There are various
protocols that can be used here.

> 3. What is the data cipher used in EAP TTLS? Is it similar to
> password or something else? Need some more details here.

Please see the RFC. The RFC discusses encryption. Note that
password and encryption are different things not related to each other.

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
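
Added example, not part of the original post and not Radiator code: a provisioning-time check that applies the User-Name points from the reply above (one or more octets, the 63-octet handling recommendation from RFC 2865 section 5.1, and avoiding special characters other than '-'). The function name, the conservative character set and the sample names are assumptions made for this example; the 253-octet ceiling follows from the one-octet RADIUS attribute length field.

```python
# Added example: provisioning-time check for RADIUS User-Name values.
import string

MAX_VALUE_OCTETS = 253   # one-octet attribute length minus type and length octets
NAS_SAFE_OCTETS = 63     # RFC 2865 section 5.1: handling at least 63 is recommended
# Assumption for this example: a conservative set, not the RFC 4282 grammar.
SAFE_CHARS = set(string.ascii_letters + string.digits + "-._")


def check_user_name(name):
    """Return a list of findings; an empty list means nothing to flag."""
    octets = name.encode("utf-8")  # limits count octets, not characters
    if not octets:
        return ["empty: RFC 2865 defines the String field as one or more octets"]
    findings = []
    if len(octets) > MAX_VALUE_OCTETS:
        findings.append("too long: %d octets cannot fit in one attribute" % len(octets))
    elif len(octets) > NAS_SAFE_OCTETS:
        findings.append("long: %d octets, a NAS may limit User-Name length" % len(octets))
    # Split user@realm at the last '@'; a name without '@' has no realm.
    user, sep, realm = name.rpartition("@")
    if not sep:
        user, realm = name, ""
    risky = sorted({c for c in user + realm if c not in SAFE_CHARS})
    if risky:
        findings.append("risky characters: " + " ".join(repr(c) for c in risky))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for sample in ["alice-01@example.org", "bob#1", "o'neil*", "", "é" * 40, "a" * 254]:
        print(repr(sample[:20]), "->", check_user_name(sample) or "ok")
```

The length checks run on the UTF-8 encoding, so a 40-character name made of two-octet characters is reported as 80 octets.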

