Re: Pam and radius

On Fri, 28 Feb 1997, Mark Lillywhite wrote:

> Also, I don't know how I can simply test for the existence of a user (ie,
> without a password). Would this be done by a pam module which authenticates

With RADIUS this is not possible. Using RADIUS one must build a packet
with username and password hashed into a random MD5 vector, encrypt the
packet with the shared secret between the RADIUS server and this client,
send it to the RADIUS server and wait for a response. The RADIUS server will
respond back with 'okay' or 'deny' if it could process the packet you sent
to it, or will remain silent otherwise. Thus if you get a read timeout or
'deny' you have an authentication failure.

You cannot test if a user is a valid one knowing only its username with

> The Merit code is very dodgy... I'm pleased to see someone else thinks so
> too! I am playing with the idea of a Java-based RADIUS server... that's
> quite off-topic but if anyone's interested I'd like to hear from you.

Java is nice, I am doing my thesis in Java, but it is far from a _secure_
platform. It is a nice thing to _play_ with, but one cannot rely on it yet.

Best wishes,
		Cristian Gafton
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
UNIX is user friendly. It's just selective about who its friends are.
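
The request and response handling described in the message above, as an added example that is not part of the original post or of any PAM module's code. It follows the packet layout and User-Password hiding defined in RFC 2865, where the shared secret and the random vector (Request Authenticator) hide the password and authenticate the reply. The function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2        # RADIUS codes; 3 is Access-Reject
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide User-Password: XOR each 16-byte block with MD5(secret + previous block)."""
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out


def build_access_request(ident, user, password, secret, authenticator=None):
    """Return (packet, request_authenticator) for one Access-Request."""
    ra = authenticator or os.urandom(16)    # the random vector
    hidden = hide_password(password, secret, ra)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((ATTR_USER_NAME, user), (ATTR_USER_PASSWORD, hidden)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + ra + attrs, ra


def authenticated(reply, ident, request_auth, secret) -> bool:
    """True only for a verified Access-Accept; reject, timeout (None) and
    malformed or forged replies are all the same authentication failure."""
    if reply is None or len(reply) < 20:
        return False
    code, rid, length = struct.unpack("!BBH", reply[:4])
    if rid != ident or not 20 <= length <= len(reply):
        return False
    reply = reply[:length]
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return code == ACCESS_ACCEPT and hmac.compare_digest(expected, reply[4:20])
```

The caller passes `None` to `authenticated()` when the socket read times out, so a silent server and an explicit reject are indistinguishable to the PAM module.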

