[RADIATOR] Security settings for Wireless Network
Heikki Vatiainen
hvn at open.com.au
Fri Jun 8 06:41:53 CDT 2012
On 06/08/2012 07:31 AM, Sudhir Harwalkar wrote:
> I need some information regarding WiFi security parameters,
>
> 1. User ID –
>
> a. Does it accept special characters such as - * ‘ # etc.
Please see this for what can be used for User-Name:
http://tools.ietf.org/html/rfc4282
In practice '-' should be safe but the others may or may not be allowed
by clients, NASes and Radius servers. I would not use them.
> b. What’s the minimum length acceptable?
See this:
http://tools.ietf.org/html/rfc2865#section-5.1
You should read it for more details, but 1 is minimum. In practice some
devices may leave it completely empty.
   String

      The String field is one or more octets. The NAS may limit the
      maximum length of the User-Name but the ability to handle at least
      63 octets is recommended.
> 2. PAC –
>
> a. Does it accept ASCII only or hex input is okay?
See this: http://tools.ietf.org/html/rfc4851#section-3.2.2
PAC has many components. Quote for PAC-Key: "The PAC-Key is randomly
generated by the EAP server to produce a strong entropy 32-octet key"
This rules out ASCII. Please read the RFC for more information.
> b. Does EAP FAST also need an username in addition to PAC?
This depends on the inner (phase 2) authentication. There are various
protocols that can be used here.
> 3. What is the data cipher used in EAP TTLS? Is it similar to
> password or something else? Need some more details here.
Please see the RFC. The RFC discusses encryption. Note that
password and encryption are different things not related to each other.
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
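
Added example, not part of the original message and not Radiator code: a provisioning-time check for proposed User-Name values that applies the RFC 2865 length rules quoted above, counting octets rather than characters. The 253-octet ceiling is the RADIUS attribute value limit; the conservative character set (letters, digits, '-', '.', '_') and the function name are assumptions made for this sketch.

```python
RECOMMENDED_OCTETS = 63   # RFC 2865 5.1: handling at least this many is recommended
MAX_VALUE_OCTETS = 253    # one-octet attribute Length, minus the Type and Length octets
# Assumption: conservative set; the reply above only names '-' as safe in practice.
SAFE_CHARS = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._"
)


def lint_user_name(name):
    """Return a list of (severity, message) findings for a proposed User-Name."""
    octets = len(name.encode("utf-8"))  # limits are in octets, not characters
    if octets == 0:
        return [("error", "empty User-Name: the String field is one or more octets")]
    findings = []
    if octets > MAX_VALUE_OCTETS:
        findings.append(("error", f"{octets} octets does not fit in one RADIUS attribute"))
    elif octets > RECOMMENDED_OCTETS:
        findings.append(("warn", f"{octets} octets: a NAS may limit User-Name length, "
                                 f"only {RECOMMENDED_OCTETS} is recommended as handled"))
    # Split user@realm at the last '@'; a name without '@' has no realm.
    user, at, realm = name.rpartition("@")
    if not at:
        user, realm = name, ""
    elif not user or not realm:
        findings.append(("warn", "'@' present but the user or realm part is empty"))
    risky = sorted({c for c in user + realm if c not in SAFE_CHARS})
    if risky:
        findings.append(("warn", "characters outside the conservative set: "
                                 + " ".join(repr(c) for c in risky)))
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    for sample in ["alice-01@example.org", "o'brien#1", "\u00e4" * 40, ""]:
        print(repr(sample), lint_user_name(sample))
```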