RADIUS

Table of contents

  1. Preface
    1. Audience
    2. Organization
    3. Conventions Used in This Book
    4. How to Contact Us
    5. Acknowledgments
  2. 1. An Overview of RADIUS
    1. An Overview of AAA
      1. Authentication
      2. Authorization
      3. Accounting
    2. Key Points About AAA Architecture
    3. The Authorization Framework
      1. Authorization Sequences
      2. Roaming
      3. Distributed Services
      4. Policies
      5. Resource and Session Management
    4. And Now, RADIUS
      1. A Brief History
      2. Properties of RADIUS
      3. Limitations of RADIUS
  3. 2. RADIUS Specifics
    1. Using UDP versus TCP
    2. Packet Formats
      1. Code
      2. Identifier
      3. Length
      4. Authenticator
    3. Packet Types
    4. Shared Secrets
    5. Attributes and Values
      1. Attributes
        1. Attribute types
        2. Vendor-specific attributes
      2. Values
      3. Dictionaries
    6. Authentication Methods
      1. PAP
      2. CHAP
      3. Selecting PAP, CHAP, or Other Protocols
    7. Realms
    8. RADIUS Hints
  4. 3. Standard RADIUS Attributes
    1. Attribute Properties
  5. 4. RADIUS Accounting
    1. Key Points in RADIUS Accounting
    2. Basic Operation
      1. More on Proxying
    3. The Accounting Packet Format
      1. Code
      2. Identifier
      3. Length
      4. Authenticator
      5. Reliability of Accounting
    4. Accounting Packet Types
    5. Accounting-specific Attributes
  6. 5. Getting Started with FreeRADIUS
    1. Introduction to FreeRADIUS
    2. Installing FreeRADIUS
      1. The clients File
      2. The naslist File
      3. The naspasswd File
      4. The hints File
      5. The huntgroups File
      6. The users File
      7. The radiusd.conf File
      8. Testing the Initial Setup
    3. In-depth Configuration
      1. Configuring radiusd.conf
      2. Configuring the users File
        1. A sample complete entry
        2. DEFAULT entries
        3. Prefixes and suffixes
        4. Using RADIUS callback
        5. Completely denying access to users
    4. Troubleshooting Common Problems
      1. Linking Errors When Starting FreeRADIUS
      2. Incoming Request Passwords Are Gibberish
      3. NAS Machine Ignores a RADIUS Reply
      4. CHAP Authentication Doesn’t Work Correctly
  7. 6. Advanced FreeRADIUS
    1. Using PAM
    2. Proxying and Realms
    3. Using the clients.conf File
    4. FreeRADIUS with Some NAS Gear
      1. Ascend Equipment
      2. Cisco Equipment
      3. Nortel Equipment
      4. 3Com and US Robotics Equipment
    5. Using MySQL with FreeRADIUS
      1. Extending the MySQL Functionality
        1. Realm support
        2. Redundancy with MySQL
    6. Simultaneous Use
      1. When It Goes Pear Shaped
        1. 3Com and US Robotics equipment
        2. Ascend equipment
        3. Cisco equipment
    7. Monitoring FreeRADIUS
  8. 7. Other RADIUS Applications
    1. RADIUS for Web Authentication
      1. The Functionality
      2. Configuring the Module
      3. Using Challenge-Response with mod_auth_radius
      4. Limitations of the Module
    2. Using the LDAP Directory Service
      1. Configuring FreeRADIUS to Use LDAP
      2. Configuring CommuniGate Pro for LDAP Use
    3. Parsing RADIUS Accounting Files
      1. Generating Reports
        1. Example reports
      2. Using RadiusSplit
  9. 8. The Security of RADIUS
    1. Vulnerabilities
      1. MD5 and the Shared Secret
      2. The Access-Request Packet
      3. The User-Password Cipher Scheme
      4. The User-Password Shared Secret
      5. The User-Password Attribute and Password Attacks
      6. Attacks Using the Request Authenticator
        1. Repeated request authenticators and the User-Password attribute
        2. Shared secrets
    2. The Extensible Authentication Protocol
    3. Compensating for the Deficiencies
    4. Modifying the RADIUS Protocol
  10. 9. New RADIUS Developments
    1. Interim Accounting Updates
    2. The Apple Remote Access Protocol
    3. The Extensible Authentication Protocol
      1. Examples of an EAP Conversation
      2. Potential Uses
    4. Tunneling Protocols
    5. New Extensions Attributes
  11. 10. Deployment Techniques
    1. Typical Services
      1. System Shell Accounts
      2. Direct Connect Accounts
    2. RADIUS and Availability
      1. Determining Normal System Behavior
        1. Explicit requirements
        2. Derived requirements
      2. Points of Failure
      3. Planning to Fail
      4. Proactive System Management
      5. Case Studies in Deployment and Availability
        1. Scenario 1: A small, regional ISP
        2. Scenario 2: A corporation with branch offices
    3. Other Things RADIUS
      1. Other RADIUS Servers
      2. RADIUS Tools
  12. A. Attribute Reference
  13. Index
  14. About the Author
  15. Colophon
  16. Copyright

Product information

  • Title: RADIUS
  • Publisher(s): O'Reilly Media, Inc.