setup question : mschap + perl authentication

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Tue Jul 10 14:07:51 CEST 2007


Hi,

> Ah yes, I can see that being a problem, damn this means we can't offer 
> any JRS authenticated services other than wireless and wired network access.
> We were planning on a few kiosks dotted around campus... though in 
> theory if those Kiosks supported EAP Based login, the tunnel would be 
> between the Kiosk and the users Home RADIUS server... Would this be 
> acceptable, Or would the fact that we could still theoretically capture 
> the users credentials from the login screen be an issue ?
> > Note also that your problems _can_ be solved quite cleanly,
> Shibboleth is in no way clean ! It's an evil necessary... actually the 
> Idea is good ,Just the WAYF page is just so horribly cludgy.
> I think the idea of a pre-login form on the authenticated service would 
> be a good idea.


install pGina on the kiosk systems, for example...and let those kiosk systems
talk directly back to your ORPS RADIUS server. the request will then
be proxied through to the home site if they are a visitor (ie dont enter
your realm)

alan



More information about the Freeradius-Users mailing list