How to enable Freeradius to support a smart card with AES encryption algorithm?

yao guoxian yaoguoxian at gmail.com
Mon Mar 12 12:13:02 CET 2007


Thanks,Alan.
    But I have a few questions.
    First, if I create a new attribute "My-Aes-Password" and include it in
the  Access-Requet packet, I should not include the attributes such as
"User-Password" or "Chap-Password".Is it right?
    For I have read RFC 2865, and gotten the message from page 64th as "[Note
1] An Access-Request MUST contain either a User-Password or a
CHAP-Password or State. An Access-Request MUST NOT contain both a
User-Password and a CHAP-Password. If future extensions allow other
kinds of authentication information to be conveyed, the attribute for
that can be used in an Access-Request instead of User-Password or
CHAP-Password.", I have this question.
    The second question is about how to write modules.Sorry to ask the same
question,but I want to verify my plan to see if it is pratical. The plan is
as follow: I dont amend the module  "rlm_chap" , I just copy all files in
the ./src/modules/rlm_chap/  to a new dictory "rlm_aes" and rename files
rlm_chap.* to rlm_aes.*. Then I edit rlm-chap.c to alter it  to  use  AES
to  analyze  the  request packet. Is it pratical?

2007/2/3, Alan DeKok <aland at deployingradius.com>:
>
> yao guoxian wrote:
> > Second,suppose we have enabled the NAS(client) and Freeradius to support
> > our specified attribute "My-Aes-Password" , how to write the new module
> > to handle the attribute?
>
>   See the examples & the documentation.  What about them is unclear?
>
> >    Third , how to enable Freeradius and Nas(client) to support our new
> > attribute?Does it need to append the dictionary file a new entry?
>
>   All of this is documented.
>
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070312/4b33f3bb/attachment.html>


More information about the Freeradius-Users mailing list