Actually, that is more of a Kerberos system that you are thinking of.

Here is some info on RADIUS:

Taken from RFC 2865, Remote Authentication Dial In User Service (RADIUS).

"Key features of RADIUS are:

   Client/Server Model

      A Network Access Server (NAS) operates as a client of RADIUS.  The
      client is responsible for passing user information to designated
      RADIUS servers, and then acting on the response which is returned.

      RADIUS servers are responsible for receiving user connection
      requests, authenticating the user, and then returning all
      configuration information necessary for the client to deliver
      service to the user.

      A RADIUS server can act as a proxy client to other RADIUS servers
      or other kinds of authentication servers.

   Network Security
        
      Transactions between the client and RADIUS server are
      authenticated through the use of a shared secret, which is never
      sent over the network.  In addition, any user passwords are sent
      encrypted between the client and RADIUS server, to eliminate the
      possibility that someone snooping on an unsecure network could
      determine a user's password."


Basically, there is encryption using the shared secret; however, that
secret is never passed across the network.  The only tough problem here is
that you really need to know what is coming in each packet.  There is
encryption in each packet that must be dealt with.  To do authentication
with RADIUS you need to create sockets and communicate back and forth with
the NAS server.  This can be somewhat more complex and you need a more
powerful language than PHP.  I use C and sometimes C++.  I like to use PHP
for the SNMP functionality that allows me to query the RADIUS MIBs on
network devices.  This gives me authentication and accounting information.

I suggest you read up on these RFCs: 2618, 2619, 2620, 2621, 2865, 2866,
2867, 2869, and 3162.


You could also try writing a RADIUS extension for PHP?




Thank you,

Ray Hunter
Firmware Engineer

ENTERASYS NETWORKS


> -----Original Message-----
> From: Benji Spencer [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, March 28, 2002 7:07 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP] RADIUS - supported in PHP?
> 
> 
> 
> >What are you trying to do with radius and php?
> 
> I really don't know yet. We are looking at implementing RADIUS as an
> authentication scheme. I only roughly understand RADIUS, which doesn't
> help much. I looked at the RADIUS Apache module, which is where I am
> gaining most of my knowledge. It appears to function much like any other
> authentication scheme (at least to some extent) like LDAP or using a
> database (or NT Domain...or...or). As Apache can authenticate against
> RADIUS, I assumed that such a thing could also be achieved via PHP.
> 
> Currently we have an Intranet Portal which authenticates against LDAP. We
> would want to change this over to RADIUS if we implemented RADIUS. How
> this is done, if it can be done, and what does it take are all questions
> which are up in the air at this point.
> 
> From my understanding, RADIUS is more or less a ticketing mechanism. It
> is configured on the back end to check various sources (files, SQL,
> LDAP), and then provides a ticket if authentication is passed. It is this
> ticket which is passed around by the client and used to authenticate to
> the same resource, as well as other resources (if you have a valid
> ticket, you are not asked for username/password info?).
> 
> How close am I in understanding this, as well as making this all work in
> PHP?
> 
> thanks..
> 
> benji
> 
> ---
> Ben Spencer
> Web Support
> [EMAIL PROTECTED]
> x 2288
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
