Alain Perry <[EMAIL PROTECTED]> wrote:
> I'm curious about the possibility to use PGP keys to authenticate users
> via a challenge. I'm using an LDAP database to store my users'
> information, and this is working great with a simple login/password
> scheme for the moment. However, I would really like to be able to
> authenticate them using a random string which would be encrypted using
> their public key, and they would just have to decipher it and send
> back the string.

What software exists on the client side to do this? If the answer is "none", there isn't much point in doing it.

> I'm barely understanding if EAP could help on that (all
> documentation I find is evasive about EAP when not related to 802.1x)...

EAP started off as part of PPP. It's used elsewhere now. To do this, you could use EAP-GTC, but few clients implement it as-is. It's usually part of EAP-TTLS or PEAP.

> Could any of you tell me if this would be possible with FreeRADIUS as it
> is now? Would I have to modify its code? Would EAP really help?

If you're doing wireless, use EAP. If not, don't.

FreeRADIUS can do challenge-response fairly easily, but you will have to write code to decide what to use for a challenge, and how to verify the response.

Alan DeKok.
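
Added example, not part of the original message and not FreeRADIUS code: one way to handle the two pieces the reply says you have to write yourself, choosing the challenge and verifying the response. The class name, the 60-second lifetime and the injectable clock are assumptions; encrypting the challenge to the user's PGP public key and decrypting it on the client happen outside this code.

```python
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


class ChallengeStore:
    """Issues per-user random challenges and verifies the returned plaintext."""

    def __init__(self, ttl=CHALLENGE_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # user -> (challenge, expiry time)

    def issue(self, user):
        # 32 bytes from the OS CSPRNG: unpredictable, so a response cannot be
        # guessed or precomputed. The caller encrypts this string to the
        # user's public key before sending it.
        challenge = secrets.token_urlsafe(32)
        # A new challenge replaces any older one still pending for the user.
        self._pending[user] = (challenge, self._clock() + self._ttl)
        return challenge

    def verify(self, user, response):
        # pop() makes every challenge single-use: a captured response cannot
        # be replayed, and a wrong answer forces a fresh challenge.
        entry = self._pending.pop(user, None)
        if entry is None:
            return False
        challenge, expiry = entry
        if self._clock() > expiry:
            return False
        # Constant-time comparison avoids leaking how many leading
        # characters of the response were correct.
        return hmac.compare_digest(challenge.encode(), response.encode())


if __name__ == "__main__":
    store = ChallengeStore()
    c = store.issue("alice")                 # constructed user name
    print("first answer :", store.verify("alice", c))
    print("replayed     :", store.verify("alice", c))
```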