[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

adding RADIUS to pam

Andrew writes:
> Alan assures me that encryption when it is used for
> authentication (as in the case of Radius' password distribution) is
> completely fine to export from the US.  This is my understanding too,
> but I'd really feel better if I could hear a lawyer say that.


  The list of controlled items.  Government-speak follows:


Category XIII-Auxiliary Military Equipment


 (b) Information Security Systems and equipment, cryptographic
devices, software, and components specifically designed or modified
therefor, including:

   (1) Cryptographic (including key management) systems, equipment,
assemblies, modules, integrated circuits, components or software with
the capability of maintaining secrecy or confidentiality of
information or information systems, EXCEPT cryptographic equipment and
software as follows:


 (vi) Limited to data authentication which calculates a Message
Authentication Code (MAC) or similar result to ensure no alteration of
text has taken place, or to authenticate users, but does not allow for
encryption of data, text or other media other than that needed for the


  So the RADIUS module is exportable, under ITAR Part 121, Category
XIII, (b)(1)(vi).

  Although I think that ITAR has since been superseded.  In any case,
the page contains a postal address where you can order the official
government regulations.

  If it's any consolation, you can download the Livingston server,
including test applications which "encrypt" the password to send it to
the server.


  Our server is available at


  In addition, all free unix distributions include ways to encrypt
user passwords.  '/etc/passwd', 'crypt', etc. have been used for
authenticating users, and been exported for years.  I hope that
encrypting a password for RADIUS authentication is any different.

  Alan DeKok.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []