Radius client library with similar functionality to Cisco?

Emile van Bergen emile-fr at evbergen.xs4all.nl
Tue Jun 28 09:17:07 CEST 2005


Hi,

On Mon, Jun 27, 2005 at 09:33:38PM -0400, Alan DeKok wrote:

> David Stanaway <david at dialmex.net> wrote:
> > I was wondering if anyone had come across a radius client library with
> > similar functionality to cisco IOS (multiple radius server groups,
> > broadcast or failover group configuration, configurable retry delay, and
> > number of retries, etc...)?
> 
>   Not really.  The closest *any* free code comes is what's in
> FreeRADIUS, and that's built into the server, not into the library.
> 
>   There's the issue of how you represent the data, and get it into/out
> of the library, among others.
> 
>   The library in FreeRADIUS is a dumb RADIUS library, but the server
> builds all of that functionality on top of it.  It probably would be a
> good idea to move much of what you're talking about into the library,
> though.

It's not a library, but the radius client included with OpenRADIUS
(http://www.openradius.net) does what you want if used as a co-process to your
program.

You spawn it as a persistent subprocess and send A/V pairs through its stdin
and stdout, terminating requests with empty lines. Multiple (failover) servers
can be specified either on the command line, or per request through the
Target-Server attribute.

You don't need to wait for a response before sending new requests; if you
include a Radclient-Query-Id A/V pair in your requests, this will be echoed in
its responses, including those due to RADIUS timeouts. The client handles
retransmission and timeout for outstanding requests in parallel (without using
multiple threads) and will eventually respond to all queries from its parent.

A/V pairs are given in both directions as simple ASCII lines, similar to
those used in FreeRADIUS' radclient.

It handles PAP and CHAP encryption or hashing, respectively, for you if you tell it to.

The advantage of a subprocess over a library in this case is that it can be
used from any language, and that you don't need callbacks or threads to
multiplex with your own program's events.

Cheers,


Emile.

-- 
E-Advies - Emile van Bergen           emile at e-advies.nl      
tel. +31 (0)70 3906153           http://www.e-advies.nl    
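
Added example, not part of the original message and not OpenRADIUS code: a sketch of the parent-side framing and correlation for the co-process protocol described above (blank-line-terminated requests, out-of-order responses matched by Radclient-Query-Id). The `Attr = value` line syntax, the function names and the `Example-Status` attribute are assumptions made for illustration; the sample output is constructed.

```python
import io

def encode_request(query_id, pairs):
    """Serialise one request: one 'Attr = value' line per pair, blank line ends it."""
    lines = []
    for attr, value in [("Radclient-Query-Id", str(query_id)), *pairs]:
        value = str(value)
        # A CR/LF in an untrusted value (e.g. a user name) would end the request
        # early or smuggle extra A/V pairs into it, so refuse it outright.
        if any(c in value for c in "\r\n") or not attr or any(c in attr for c in "\r\n= \t"):
            raise ValueError(f"illegal character in A/V pair {attr!r}")
        lines.append(f"{attr} = {value}")
    return "\n".join(lines) + "\n\n"

def read_responses(stream):
    """Yield (query_id, pairs) for each complete blank-line-terminated block."""
    block = []
    for raw in stream:
        line = raw.rstrip("\r\n")
        if line.strip():
            attr, sep, value = line.partition("=")
            if not sep:
                raise ValueError(f"malformed A/V line: {line!r}")
            block.append((attr.strip(), value.strip()))
            continue
        if block:  # a blank line closes the current response
            ids = [v for a, v in block if a == "Radclient-Query-Id"]
            yield (ids[0] if ids else None), [p for p in block if p[0] != "Radclient-Query-Id"]
            block = []

def correlate(pending, stream):
    """Match responses to outstanding requests, which may complete in any order."""
    results = {}
    for qid, pairs in read_responses(stream):
        if qid not in pending:
            raise KeyError(f"response for unknown query id {qid!r}")
        results[qid] = (pending.pop(qid), pairs)
    return results

# Constructed sample: two requests in flight, answered out of order; the second
# block stands in for a timeout response (its real attributes are not shown above).
PENDING = {"1": "alice", "2": "bob"}
SAMPLE_OUTPUT = io.StringIO(
    "Radclient-Query-Id = 2\nReply-Message = hello bob\n\n"
    "Radclient-Query-Id = 1\nExample-Status = timeout\n\n"
)
```

In a real parent process the stream would be the subprocess's stdout and `encode_request` output would be written to its stdin.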


