Re: Using Radius for authentication...
On Tuesday, 22. January 2002 03:31, Nigel Kersten wrote:
> Apologies if I have misunderstood the messages in the archives I've come
> across, but most people seem to want to do things in the opposite direction
> to what I want....
> Basically I am on a sub-campus of a university that uses a modified Radius
> system for the universal login/passwords for students and staff.
> At this stage I have an LDAP directory with accounts in it that are being
> used for authentication in various labs, but my ideal scenario would be one
> where I can do the authentication against the Radius accounts passwords.
> Is this something built into OpenLDAP ? Or will I have to work on patching
> my existing command line client for the radius system into OpenLDAP?
It really depends on what you are doing and what you want to achieve. If you
want to authenticate OpenLDAP access you could enable the (unencrypted) SASL
PLAIN mechanism (look for sasl_secprops in slapd.conf and the SASL
documentation) and use a RADIUS-PAM-Module for SASL-Authentication.
If you are currently using a combination of nss_ldap and pam_ldap for
managing UNIX machines you could replace the authentication part (mainly
pam_ldap) by a RADIUS PAM module and leave the rest as it is (the passwords
are not in your directory but in the RADIUS). You will need a mechanism to
keep the UIDs in sync and you may want above method to provide access to your
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607
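
The two setups described in the reply above, sketched as configuration fragments. This is an added example, not part of the original message; the host name, file paths, the choice of the login service and the shared secret are placeholders or assumptions, and pam_radius_auth is assumed as the RADIUS PAM module.

```conf
# Constructed example: host names, paths and the secret are placeholders.

# --- /etc/nsswitch.conf: account data (UIDs, groups) still comes from LDAP
#     via nss_ldap, so user names in LDAP must match the RADIUS user names
passwd: files ldap
group:  files ldap

# --- /etc/pam.d/login: only the auth step moves from pam_ldap to RADIUS
auth     required  pam_radius_auth.so     # was: pam_ldap.so
account  required  pam_ldap.so            # unchanged
session  required  pam_unix.so            # unchanged

# --- pam_radius_auth server file (/etc/raddb/server or
#     /etc/pam_radius_auth.conf, depending on the build);
#     keep it root-owned and mode 0600, it holds the shared secret
# server[:port]        shared_secret                timeout (s)
radius.example.edu     REPLACE_WITH_SHARED_SECRET   3

# --- slapd.conf: allow SASL PLAIN, but only on TLS-protected connections,
#     because PLAIN sends the password unencrypted
sasl-secprops noanonymous       # default is "noanonymous,noplain"
security tls=128                # require TLS with at least 128-bit strength

# --- Cyrus SASL application config for slapd (location depends on the build)
pwcheck_method: saslauthd       # saslauthd started with "-a pam"
mech_list: PLAIN

# --- /etc/pam.d/ldap: PAM service that saslauthd consults for slapd binds
auth     required  pam_radius_auth.so
account  required  pam_permit.so          # RADIUS has already made the decision
```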