Radius Client UDP port selection
Brian Candler
B.Candler at pobox.com
Sun Feb 6 12:11:58 CET 2011
On Sun, Feb 06, 2011 at 10:06:01AM -0000, vijay s sheelavantar wrote:
> I am talking about pam_radius_client. I want this pam_radius_auth.so
> client to select a particular UDP port to communicate with external
> radius server. so that server can send authentication response on the
> same port back to client.
Of course, the server will always send the authentication response back to
whatever port the client selected.
Your options are:
1. If pam_radius_client doesn't have the ability to bind to a particular
port, then you can modify the source code to do so. The call you need is
bind() after the socket has been created.
Warning: hacking C code in security-sensitive modules (especially those
running as root) is a risky business. Get an expert to make this change for
you, or become an expert first. (Recommended reading: Unix Network
Programming vol 1, and Advanced Programming in the Unix Environment, both by
Richard Stevens)
2. I think you said before you only wanted to make sure that the port
was >32768. So you can configure your OS so that *all* outbound connections
bind to ports >32768.
Google "linux ephemeral port range" for details.
On my system:
$ cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
So in fact, all connections from my machine would be >=32768 anyway.
Regards,
Brian.
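
Option 1 above, as an added example that is not part of the original message and not code from pam_radius_auth: a UDP socket bound to a chosen source port with bind() before any datagram is sent, including the failure case where the port is already taken. The function names and port 40000 are assumptions made for illustration.

```c
/* Added example, not pam_radius_auth code; function names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Create a UDP socket bound to a fixed local (source) port.
 * port 0 lets the kernel pick from the ephemeral range.
 * Returns the descriptor, or -1 with errno set (EADDRINUSE, EACCES, ...). */
int udp_socket_bound(uint16_t port)
{
    struct sockaddr_in local;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&local, 0, sizeof(local));
    local.sin_family = AF_INET;
    local.sin_addr.s_addr = htonl(INADDR_ANY);
    local.sin_port = htons(port);
    /* bind() goes after socket() and before the first sendto(). */
    if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0) {
        int saved = errno;      /* close() may overwrite errno */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}
/* Source port the socket actually holds, or -1 on error. */
int local_port(int fd)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
        return -1;
    return ntohs(addr.sin_port);
}

int main(void)
{
    int fd = udp_socket_bound(40000);   /* constructed sample port */
    if (fd < 0) { perror("bind"); return 1; }
    printf("source port: %d\n", local_port(fd));
    close(fd);
    return 0;
}
```

A fixed source port can be held by only one socket at a time here, so a second concurrent authentication from the same host gets EADDRINUSE and the caller has to handle that.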