[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using Radius for authentication...

On Tuesday, 22. January 2002 03:31, Nigel Kersten wrote:
> Apologies if I have misunderstood the messages in the archives I've come
> across, but most people seem to want to do things in the opposite direction
> to what I want....
> Basically I am on a sub-campus of a university that uses a modified Radius
> system for the universal login/passwords for students and staff.
> At this stage I have an LDAP directory with accounts in it that are being
> used for authentication in various labs, but my ideal scenario would be one
> where I can do the authentication against the Radius accounts passwords.
> Is this something built into OpenLDAP ? Or will I have to work on patching
> my existing command line client for the radius system into OpenLDAP?


it really depends on what you are doing and what you want to achive. If you 
want to authenticate OpenLDAP access you could enable the (unencrypted) SASL 
PLAIN mechanism (look for sasl_secprops in slapd.conf and the SASL 
documentation) and use a RADIUS-PAM-Module for SASL-Authentication.

If you are currently using a combination of nss_ldap and pam_ldap for 
managing UNIX machines you could replace the authentication part (mainly 
pam_ldap) by a RADIUS PAM module and leave the rest as it is (the passwords 
are not in your directory but in the RADIUS) You will need a mechanism to 
keep the UIDs in sync and you may want above method to provide access to your 

Stephan Siano

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn