Hello all! I've wrote an EAP SRP-SHA1 authentication module for freeradius-1.1.7 it needs three internal config attributes to get info from authorization module. Currently - they are # Range: 1220-1222 # EAP-SRP-SHA1 database interface ATTRIBUTE EAP-SRP-Generator-Idx 1220 integer ATTRIBUTE EAP-SRP-Secret 1221 octets ATTRIBUTE EAP-SRP-Salt 1222 octets (in dictionary freeradius.internal) Would you please confirm this allocation or suggest another range before I'll put the code for public access? TIA, Stacy.
Stacy wrote:
I've wrote an EAP SRP-SHA1 authentication module for freeradius-1.1.7
Wonderful.
it needs three internal config attributes to get info from authorization module. Currently - they are # Range: 1220-1222 ... Would you please confirm this allocation or suggest another range before I'll put the code for public access?
Don't worry about the allocation. Just put the code on bugs.freeradius.org. It will be audited for coding style, security, etc. as part of integrating with the server. Alan DeKok.
Hello Alan!
Don't worry about the allocation. Just put the code on bugs.freeradius.org. It will be audited for coding style, security, etc. as part of integrating with the server.
Alan DeKok.
Posted as bug 494. I didn't figured how to put code there so I placed the code at ftp and supplied a link in bug URL. This machine has low bandwidth - so if you'll have troubles downloading - drop me a message - I'll try to find another location. Stacy.
This is really interesting. I wasn't aware of a supplicant that had implemented EAP-SRP. Is there one? josh.
-----Original Message----- From: freeradius-devel-bounces@lists.freeradius.org [mailto:freeradius-devel-bounces@lists.freeradius.org] On Behalf Of Stacy Sent: 28 November 2007 03:51 To: freeradius-devel@lists.freeradius.org Subject: EAP SRP-SHA1 support
Hello all!
I've wrote an EAP SRP-SHA1 authentication module for freeradius-1.1.7
it needs three internal config attributes to get info
from authorization module. Currently - they are
# Range: 1220-1222
# EAP-SRP-SHA1 database interface
ATTRIBUTE EAP-SRP-Generator-Idx 1220 integer
ATTRIBUTE EAP-SRP-Secret 1221 octets
ATTRIBUTE EAP-SRP-Salt 1222 octets
(in dictionary freeradius.internal)
Would you please confirm this allocation or suggest another
range before I'll put the code for public access?
TIA,
Stacy.
JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG
On Wednesday 28 November 2007 17:54, Josh Howlett wrote:
This is really interesting. I wasn't aware of a supplicant that had implemented EAP-SRP. Is there one?
josh.
No I don't know about supplicant - but pppd implements EAP-SRP-SHA1. We (here at glb.net) are using PAP over EAP-TTLS to authenticate ADSL clients. EAP-TTLS is great thing because it avoids storing clear-text passwords in database (using PAP inside the tunnel), not easily breakable and avoids client-side certs that are a pain. But unfortunately there are no client side pppd implementation for unix. At least the one I know about. And another great auth proto which is as good as PAP over EAP-TTLS is SRP-SHA1 that is supported in standard pppd. So I wrote rlm_eap_srp_sha1 to allow UNIX ADSL clients to authorize securely. Unfortunately I am the only one such client for a while :)))) Stacy.
participants (3)
-
Alan DeKok -
Josh Howlett -
Stacy