Authenticator -to- RADIUS connection
Alan DeKok
aland at deployingradius.com
Tue Oct 5 15:33:38 CEST 2021
On Oct 5, 2021, at 9:29 AM, Turner, Randy <Randy.Turner at landisgyr.com> wrote:
>
> There appears to be numerous modules for allowing RADIUS clients to authenticate in any number of ways…but I didn’t see any modules that control how the “authenticator” authenticates to FreeRADIUS…
For the simple reason that it's impossible.
How does a web server control whether the browser does GET / POST / whatever?
How does a DNS server control whether the client asks for an A / AAA / NS record?
It doesn't. It's impossible.
FreeRADIUS supports PAP, CHAP, MS-CHAP, HTTP Digest, EAP, etc. All of this is documented. There is simply no way (outside of very narrow situations) for the server to tell the client "use CHAP and not PAP".
Alan DeKok.
More information about the Freeradius-Users
mailing list